[LINK] Re: executable content vs plain data

Rick Welykochy rick at praxis.com.au
Sun Jan 20 14:36:51 AEDT 2008 

Craig Sanders wrote:

> no, flash videos are NOT just data.  they are data plus program code
> which is executed by the flash plugin.

If that is the case, I stand corrected and will accept the fact. So far,
I have not seen any evidence of there being interpreted code in a FLV file.



>> A secure browser *never* downloads and executes programs without the
>> user first enabling the download and installation. This is how the
>> plug-in installation process works.
> 
> 1. not true in the case of active x and anything else MS wants to
> include by default in IE.

ergo my use of the adjective "secure"

> 2. in the case of flash and other plugins that do have to be installed
> by the user[1], once the user has downloaded and installed the plugin
> to view one thing, they're now at risk for EVERY web page they visit
> afterwards.

I won't argue with that. *Any* piece of code can contain bugs and
could possibly be exploited for nefarious purposes. Solution? Turn
off your PC, go outside and enjoy meatspace :)




>>> non-techs could just listen to the advice from people who are
>>> technically literate.
>> Experience shows that most people simply do not listen. This alludes
>> to the concept of the "Internet Dirver's Licence" which many geeks
>> lament.
> 
> right, so that's a reason for those of us who do understand the issues
> to sit smugly on our arses and not even bother attempting to inform
> people?

What nonsense. I tell a person all about insecurities in Windows, why
they should not open certain emails and to *never* click on links found
in emails. They do not listen. And I am smug. Very rich.

No, I am not being smug at all. If you read some of the many many rants
I have posted to Link, ad nauseum, about various insecure practices, my
actions back up my words: I never stop preaching about this stuff. It is
important to me. It is important for a better running Internet. Smug?
Nope. Persistent? Yup.


cheers
rickw




-- 
_________________________________
Rick Welykochy || Praxis Services

Once a new technology starts rolling, if you're not part of the
steamroller, you're part of the road.
      -- Stewart Brand

More information about the Link mailing list