[
Lists Home |
Date Index |
Thread Index
]
- From: Eldar Musayev <eldarm@microsoft.com>
- To: xml-dev@xml.org
- Date: Mon, 8 May 2000 09:22:27 -0700
True, when I open the LoveBug worm, I see VBScript source
(and I _have_ Outlook on my computer)
And I think this is more clever than to execute it.
Is it a sin to be clever?
If we say SOAP is insecure because of incidents like LoveBug,
then we have to declare insecure all email (not just Outlook),
HTML and XML, as well as any internet content and Internet at all.
In fact, that's true, Internet IS insecure, just like car or
airplane. We may talk, how to make it more secure, but
labeling insecure particular technology for the sins of the whole
industry is either paranoid or dishonest. It's like
blaming particular Ford or GM part for accidents made
by drunk drivers.
Eldar
> -----Original Message-----
> From: John Cowan [mailto:cowan@locke.ccil.org]
> To: edd@usefulinc.com
> Cc: dave@userland.com; matt@sergeant.org; simonstl@simonstl.com;
> xml-dev@xml.org
> Subject: Re: SOAP, plague, love
>
> Edd Dumbill scripsit:
>
> > Coffee's invocation of SOAP here doesn't work for me. I
> don't see SOAP
> > as having "active-content" messages. What is passed is
> simply an XML
> > document. If you got a SOAP message in your web browser
> or your email
> > client, you'd just see XML, plain and simple.
>
> Sure, and when you open the Love Bug, what you see is Basic
> source code
> in ASCII, plain and simple. *Anything* can be active content, if the
> receipient treats it as such.
>
> --
> John Cowan cowan@ccil.org
***************************************************************************
This is xml-dev, the mailing list for XML developers.
To unsubscribe, mailto:majordomo@xml.org&BODY=unsubscribe%20xml-dev
List archives are available at http://xml.org/archives/xml-dev/
***************************************************************************
|
