Secure Coding mailing list archives
informIT: attack categories
From: ljknews at mac.com (ljknews)
Date: Wed, 26 Aug 2009 08:53:38 -0400
At 6:36 PM -0400 8/25/09, Steven M. Christey wrote:
Gary, You said in the article:The next category of attacks to expect are attacks that target defects in design and architecture - which I call flaws.I think it's already happening.
I think it has been happening for years. I use Microsoft Word V5.1a from 1992, because Microsoft followed that with Word 6.0 which introduced the design defect allowing Macro Viruses. Of course this was not actually an innovation, as IBM had previously introduced _and_withdrawn_ a similar vulnerability in their CMS operating environment (the mail program would automatically call a text formatter which could call the operating system under the direction of the sender. Those who do not study history are condemned to repeat it. -- Larry Kilgallen
Current thread:
- informIT: attack categories Gary McGraw (Aug 25)
- informIT: attack categories Steven M. Christey (Aug 25)
- informIT: attack categories Gary McGraw (Aug 25)
- informIT: attack categories Prasad Shenoy (Aug 26)
- informIT: attack categories ljknews (Aug 26)
- informIT: attack categories Gary McGraw (Aug 25)
- informIT: attack categories Steven M. Christey (Aug 25)