Who in their right mind would fill GED files with viruses. Crazy! And I think you should not tell people about these problems. Just Silly. -k > From: steverileyjm@hotmail.com> To: gen-comp-tips@rootsweb.com> Date: Sat, 22 Mar 2008 22:06:49 +1000> Subject: Re: [GEN-COMP-TIPS] BEWARE Security risks of uploading files> > Neast,> > With respect Plain Text files are more than capable of > transmitting nefarious code. Actually even text boxes > on applications are capable of such 'hacking'. > > THIS CASE: It is indeed quite possible that the problem> here is file corruption or a bad app. HOWEVER: It does > not change the assertion that on XP, MAC, Linux you can > not trust raw GED files. Vista is much more secure. > A malware scanner or a very secure GED verification > test program for GEDCOM files would be useful for less > secure systems.> > TECHNICAL: One trivial example is the now famous buffer > overflows. Classic is C code for example that allows > characters to overflow the text buffer and result in > subsequent execution of the malformed 'extended > buffer' (as instructions). In fact IE many years > ago suffered from these buffer overflows and payloads > that executed what might appear to be just text. It was > not limited to just IE but other browsers also. More > sophisticated forms of penetration exist today.> > For a system to be secure the operating system needs to > mitigate against these types of issues. Compilers need > to be designed to detect such vulnerabilities and of > course the applications need to also to be developed > correctly. (The overall attack surface should be kept to> a minimum, hardware should separate data as no execute > (not the case in the past), and many other measures).> > There are scanning programs that scan text files, > graphics files (eg: GIF, JPG), media files and so > on. These malware utilities like the anti-virus > programs can only test against known threats > (usually in the wild). Vista as an operating > system takes a radical & different approach in > the security model and traps unexpected > behaviour, encourages apps to run at least privilege> (fine granularity) and much more.> > Although irresponsible I am sure that I could, > given the utilities that exist out there ... > make a GEDfile that loads correctly on say PAF > but that exposes the user and potentially the > system.> > Recommended additional reading: Writing secure code> By Mike Howard.> > -----Original Message-----> From: gen-comp-tips-bounces@rootsweb.com> [mailto:gen-comp-tips-bounces@rootsweb.com] On Behalf Of n.east> Sent: Saturday, 22 March 2008 8:32 PM> To: gen-comp-tips@rootsweb.com> Subject: Re: [GEN-COMP-TIPS] BEWARE Security risks of uploading files> > A file with the extension ".ged" is a Plain Text file. As such it is not a> vehicle for transmitting any viruses, trojans, etc. The problem with the> received file is one associated with Family Tree Maker 8 (now revealed as> the source). Earlier versions of FTM were very "unfriendly" to most other> genealogical applications. GEDCOM files created in those early versions of> FTM were often unreadable by any of the more popular applications. Perhaps> the FTM8 user may be advised to switch to using the free version of Legacy> to avoid future problems?> > ____________________________________________________________> Receive Notifications of Incoming Messages> Easily monitor multiple email accounts & access them with a click.> Visit http://www.inbox.com/notifier and check it out!> > -------------------------------------- > Having trouble with your subscription? Contact the List Admin at> gen-comp-tips-admin@rootsweb.com> -------------------------------> To unsubscribe from the list, please send an email to> GEN-COMP-TIPS-request@rootsweb.com with the word 'unsubscribe' without the> quotes in the subject and the body of the message> > -------------------------------------- > Having trouble with your subscription? Contact the List Admin at gen-comp-tips-admin@rootsweb.com> -------------------------------> To unsubscribe from the list, please send an email to GEN-COMP-TIPS-request@rootsweb.com with the word 'unsubscribe' without the quotes in the subject and the body of the message _________________________________________________________________ Amazing prizes every hour with Live Search Big Snap http://www.bigsnapsearch.com