RE: Security followup

Subject: RE: Security followup
From: "Gary S. Callison" <huey -at- interaccess -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Fri, 17 Jan 2003 23:10:51 -0600 (CST)



On Fri, 17 Jan 2003, Jason Willebeek-LeMair <jlemair -at- cisco -dot- com> sez:
> http://www.infoworld.com/articles/hn/xml/03/01/16/030116hncert.xml?0117frnetworking

I wish you'd added some sort of explanation as to why you posted
this: unless you were merely pointing out a pretty good little piece of
technical writing, I find that the points made in it (more relevant to a
thread on security) are pretty good.

Look at this: CERT announces, on January 15, 2003, that a flaw exists.
At the time of the announcement, RedHat already has a patch, and SuSE is
working on one. If you go to the actual CERT advisory, you'll see that the
majority of other vendors have no exposure to this flaw. So, although this
is a vulnerability with a fairly small footprint, the vendors are already
on top of it.

Now look at this:
<http://www.pivx.com/larholm/unpatched/>

Some of the unpatched IE flaws have been known to Microsoft for more than
a year. One of the bugs on this page is a bug, present in fully-patched,
current versions of IE, that allows a malicious webpage author to execute
arbitrary code on your machine, just by getting you to visit their
webpage - and the code can be hidden in a .JPG, because IE will ignore
filetypes if it thinks it knows better. Running Outlook with the preview
pane enabled, or the MIME-type vulnerability that enables viruses like
Klez? A bad guy putting BackOrifice on your machine and completely taking
it over becomes trivial at that point.

The footprint of "people who use Internet Explorer" is huge. The exposure
of all of those people, for more than a year, is staggering. Ever read the
news and wonder how those Denial of Service attacks bring down big sites
like Yahoo or CNN? It all starts with your computer on your DSL or
cable modem. The bad guys take over your computer, and thousands like them,
and use thousands of small machines to take down a handful of big ones.

I agree with Andrew's point that securing any system is a non-trivial
exercise. But having been a network administrator prior to becoming a
full-time tech writer, I appreciate the wide margin that *nix/*BSD
security has over Microsoft's laughable efforts in the field. I don't
subscribe to 'religion' about computers. I use both a W98 and a W2K box
every day. They're useful machines. But I wouldn't put either on the
internet without a packet filter in front of them.

--
Huey
