> And when some "genius" at Microsoft thought it would be a good idea to > be able to embed arbitrary code in a document, it meant that someone could > do anything they wanted to do to your computer just by sending you a document.
To be fair, that issue existed in Script way back when. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Tom Marchant <0000000a2a8c2020-dmarc-requ...@listserv.ua.edu> Sent: Tuesday, May 7, 2019 2:47 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"? On Tue, 7 May 2019 17:12:48 +0000, Jesse 1 Robinson wrote: >When I explain mainframe security to the unwashed but curious, I cite history >above all. The mainframe emerged from the primordial bit bucket soup at a time >and in a form that utterly precluded individual users from possessing their >own computers. The notion of one-computer-one-user was monstrously >unthinkable. Mainframe was of necessity a shared environment in which utter >strangers were obligated to breathe the same digital air and excrete into the >same pools. Preventing cross contamination was the first commandment. This >overriding concern guided and often dictated decades of evolution. There was >never a moment in the mainframe's lineage where security or integrity could be >architecturally compromised for *any* other goal. The earliest microprocessors had nothing equivalent to supervisor state, privileged instructions , or storage protect keys. PC operating systems, including several releases of Windows, were written without the benefit of any of these. Every program had full access to everything that the processor could do. And when some "genius" at Microsoft thought it would be a good idea to be able to embed arbitrary code in a document, it meant that someone could do anything they wanted to do to your computer just by sending you a document. -- Tom Marchant ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
