"Tumbleweed" wrote in message
...

"dennis@home" wrote in message
k...

"Tumbleweed" wrote in message
...

"dennis@home" wrote in message
. uk...

"Joe" wrote in message
...

You don't recall the (long) period throughout which Windows would
run *any* kind of executable file it was given by Internet Explorer,
and while IE only bothered looking at the file extension *listed in
the multipart header* to decide whether a file was safe to run?
Not a script in sight, the culprit was the IFRAME.

IE is a web browser not a news reader.
Its the user thats to blame if they run downloaded stuff without
thinking.

it wasnt necessary to 'run' anything, just visit the page in question.

I don't remember any bug which would run an application by just visiting
a page that used that attack method.
Didn't the user have to click on the link?

It is irrelevant.
There are many applications out there that have or have had bugs in them
that allow/allowed people to hijack the machines.
html doesn't cause this, bad programming does.


Doh! The cause is irrelevant, the point is that html allows these types of
programming errors to be exploited, unlike pure text.

Like I said it isn't html that allowed it in it was a bug.

You don't know that there aren't bugs in readers of plain text that create
security holes.

It seems a bit silly to be paranoid about a mark-up language and then still
use other applications which aren't bug free (e.g. TCP, mail, widows, Linux,
MacOS, etc.).
I suggest you stop using the internet as there have been and may well still
be bugs in the protocol stacks and applications which could allow harm to
machines.