Secure Coding mailing list archives

informIT: attack categories


From: ljknews at mac.com (ljknews)
Date: Wed, 26 Aug 2009 08:53:38 -0400

At 6:36 PM -0400 8/25/09, Steven M. Christey wrote:
> Gary,
>
> You said in the article:
>
> The next category of attacks to expect are attacks that target defects in
> design and architecture - which I call flaws.
>
> I think it's already happening.

I think it has been happening for years.  I use Microsoft Word
V5.1a from 1992, because Microsoft followed that with Word 6.0
which introduced the design defect allowing Macro Viruses.

Of course this was not actually an innovation, as IBM had
previously introduced _and_withdrawn_ a similar vulnerability
in their CMS operating environment (the mail program would
automatically call a text formatter which could call the
operating system under the direction of the sender).

Those who do not study history are condemned to repeat it.
-- 
Larry Kilgallen

