Re: [Nolug] FEEDBACK: Security blame games

From: Mark A. Hershberger <mah_at_everybody.org>
Date: Tue, 09 Sep 2003 13:52:56 -0500
Message-ID: <87oextlrp3.fsf@weblog.localhost>

Dustin Puryear <dpuryear@usa.net> writes:

> http://www.secunia.com/advisories/8350/

and later...

> No automatic execution.

From the advisory:

    An input validation error in the Content-ID header allows
    insertion of arbitrary data, which is then passed to GTKHtml for
    rendering.

So, does "No automatic execution" include "No automatic HTML
rendering"? Should the user be presented with a warning every single
time he wants to read an HTML email?

The problem with Outlook, as I understand it, is not that there are
bugs, but that the design is wrong. If Evolution's designers do a
better job (and, from what I've seen, they have), then Evolution
shouldn't be the same sort of worm vector that Outlook is.

All programs have bugs. How devastating those bugs are depends on
the design of the program. If the program is designed not to be a
vector for worms, then fixing the bugs should fix the problem.

Outlook was designed for inter-office communication, not Internet
email. As such, fixing bugs doesn't fix the underlying problem.

Mark.
___________________
Nolug mailing list
nolug@nolug.org
Received on 09/09/03