Vmyths.com

Hoaxes, myths,
urban legends

Columnists


Addictive
Update
Model

False
Authority
Syndrome


About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Rob Rosenberger

McGraw's comments quoted for posterity

Rob Rosenberger, Vmyths co-founder
Sunday, 31 January 1999

FINJAN REMOVED DR. Gary McGraw's comments from their Russian New Year quotes page. Ironically, they continue to highlight comments made by Greg Coticchia, a vice president of marketing at AXENT. Let me quote McGraw's original comments for posterity:

Mobile code presents very real security risks. The newly-discovered Russian New Year exploit demonstrates how simple it is to misuse good technology to carry out any number of dangerous security attacks. Who wold have guessed that mixing an extremely useful Excel funciton, a standard HTML call, and a devious mind would result in a full-fledged attack? The Russian New Year falls squarely within the worst category of mobile code attacks — system modification. A majority of Web users remain blithely unaware of the dangers of mobile code and would do well to sit up and take notice.

As I mentioned previously, McGraw's comments passed my "realism" test with flying colors, and they would apply equally well to the Res exploit discovered in 1997.