In message <[EMAIL PROTECTED]>, Crispin Cowan writes:
> Unfortunately, this safety feature is nearly useless, because if you
>take an infected whatever.doc file, and just *rename* it to whatever.rtf
>and send it, then MS Word will cheerfully open the file for you when you
>double click on the attachment, ignore the mismatch between the file
>extension and the actual file type, and run the fscking VB embedded within.
>
That actually illustrates a different principle: don't have two
different ways of checking for the same thing.
--Steve Bellovin, http://www.stevebellovin.com
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
