more on It seems that even "secure" financial transactions with Internet Explorer aren't safe

[dave () farber net]

___

Dave Farber  +1 412 726 9889



...... Forwarded Message .......
From: Peter G Capek <capek () us ibm com>
To: dave () farber net, geodog () cyberdude com
Date: Tue, 06 Jul 2004 10:42:57 -0400
Subj: Re: [IP] It seems that even "secure" financial transactions with 
Internet Explorer aren't safe


Seems to me that the more interesting question is how a .gif file morphs 
into something other than an image...  Apparently, this was achieved
through the use of the ".chm" exploit. another known IE problem.   It 
seems, then, that no advice of the form "don't download or execute xxx 
files or view xxx web pages" is
safe.  Only Ken Thompson's "Don't trust any software that wasn't ENTIRELY 
created by someone you trust" (my paraphrase) dictum is worth anything.
And that's a hard thing to do in practice, of course.

              Peter Capek

        

Peter G. Capek
IBM Thomas J. Watson Research Center
Yorktown Heights, NY   10598-0218
(+1 914) 945-1250       IBM Tieline: 8-862-1250            Fax:  X 4426


-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/