RootsWeb.com Mailing Lists
Total: 2/2
    1. Re: [GEN-COMP-TIPS] BEWARE Security risks of uploading files
    2. n.east
    3. A file with the extension ".ged" is a Plain Text file. As such it is not a vehicle for transmitting any viruses, trojans, etc. The problem with the received file is one associated with Family Tree Maker 8 (now revealed as the source). Earlier versions of FTM were very "unfriendly" to most other genealogical applications. GEDCOM files created in those early versions of FTM were often unreadable by any of the more popular applications. Perhaps the FTM8 user may be advised to switch to using the free version of Legacy to avoid future problems?

    03/21/2008 08:32:26
    1. Re: [GEN-COMP-TIPS] BEWARE Security risks of uploading files
    2. Steve Riley
    3. Neast, with respect, Plain Text files are more than capable of transmitting nefarious code. Actually even text boxes on applications are capable of such 'hacking'.

       THIS CASE: It is indeed quite possible that the problem here is file corruption or a bad app.

       HOWEVER: It does not change the assertion that on XP, MAC, Linux you cannot trust raw GED files. Vista is much more secure. A malware scanner or a very secure GED verification test program for GEDCOM files would be useful for less secure systems.

       TECHNICAL: One trivial example is the now famous buffer overflows. Classic is C code, for example, that allows characters to overflow the text buffer and result in subsequent execution of the malformed 'extended buffer' (as instructions). In fact IE many years ago suffered from these buffer overflows and payloads that executed what might appear to be just text. It was not limited to just IE but other browsers also. More sophisticated forms of penetration exist today.

       For a system to be secure the operating system needs to mitigate against these types of issues. Compilers need to be designed to detect such vulnerabilities and of course the applications also need to be developed correctly. (The overall attack surface should be kept to a minimum, hardware should separate data as no execute (not the case in the past), and many other measures).

       There are scanning programs that scan text files, graphics files (e.g. GIF, JPG), media files and so on. These malware utilities, like the anti-virus programs, can only test against known threats (usually in the wild). Vista as an operating system takes a radical & different approach in the security model and traps unexpected behaviour, encourages apps to run at least privilege (fine granularity) and much more.

       Although irresponsible, I am sure that I could, given the utilities that exist out there ... make a GED file that loads correctly on say PAF but that exposes the user and potentially the system.
       Recommended additional reading: Writing Secure Code by Mike Howard.

    03/22/2008 04:06:49
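
The second message asks for a GED verification program. As an added example (not code from either poster or from any genealogy application), here is a minimal structural pre-check in Python that rejects lines a fixed-buffer parser could mishandle. The 255-character line limit, the 31-character tag limit and the level rules follow the GEDCOM 5.5 line grammar; the function name and the sample data are constructed for illustration.

```python
import re

MAX_LINE = 255  # GEDCOM 5.5 limit for a whole line, terminator included
MAX_TAG = 31    # GEDCOM 5.5 limit for a tag
# level (0-99, no leading zero), optional @XREF@, tag, optional value
LINE_RE = re.compile(
    r"(0|[1-9][0-9]?) (?:@[A-Za-z0-9_][^@]*@ )?([A-Za-z0-9_]+)(?: (.*))?")
# Control bytes other than tab; CR and LF are already consumed by splitlines()
CONTROL = re.compile(rb"[\x00-\x08\x0b-\x1f\x7f]")

def check_gedcom(data: bytes):
    """Return [(line_number, problem)] for a GEDCOM byte string; [] means it passed."""
    problems = []
    prev_level = -1
    data = data.removeprefix(b"\xef\xbb\xbf")  # tolerate a UTF-8 byte-order mark
    for n, raw in enumerate(data.splitlines(), start=1):
        if len(raw) + 1 > MAX_LINE:  # +1 counts one terminator byte
            problems.append((n, f"line is {len(raw)} bytes, over the limit"))
        if CONTROL.search(raw):
            problems.append((n, "control character in line"))
            continue
        # latin-1 maps every byte to a character, so decoding cannot fail
        m = LINE_RE.fullmatch(raw.decode("latin-1"))
        if m is None:
            problems.append((n, "not in 'level [xref] tag [value]' form"))
            continue
        level, tag = int(m.group(1)), m.group(2)
        if n == 1 and (level, tag) != (0, "HEAD"):
            problems.append((n, "file does not start with '0 HEAD'"))
        if len(tag) > MAX_TAG:
            problems.append((n, "tag longer than 31 characters"))
        if level > prev_level + 1:
            problems.append((n, f"level jumps from {prev_level} to {level}"))
        prev_level = level
    return problems

# Constructed sample inputs (not taken from the thread)
GOOD = b"0 HEAD\r\n1 SOUR FTM\r\n0 @I1@ INDI\r\n1 NAME John /Smith/\r\n0 TRLR\r\n"
BAD = (b"0 HEAD\n1 NAME " + b"A" * 300 + b"\n3 DATE 1900\n"
       b"1 NO\x00TE x\n0 TRLR\n")

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_gedcom(sample))
```

A file that passes is only structurally well formed; the check says nothing about bugs in the application that later imports it.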