[NTLUG:Discuss] What is love?

[Mark Bainter]

Richard Cobbe [cobbe at directlink.net] wrote:
> Anyway, it is possible to use VBscript and Outlook and all of these
> features that ILOVEYOU exploits to essentially provide a mail front-end to
> a database.  To the user, it appears that the mail message is a form, much
> like one that would appear on a web page.
> 
> While you can do the same thing with a properly-formatted plain-text mail
> message and a Perl script, this isn't a bad feature if you've got users who
> don't want to learn complex input syntaxes.  As in so many other
> situations, though, the greater simplicity comes at a price.  (In this
> case, the price would seem to be approaching $1 billion, at least according
> to CNN! <grin>)

I don't really care if they want to support that.  It's fine if they want to
have a feature like that.  But, you have to be smart about it.  And allowing
just any ol' joe to send you a message that runs with full permissions is just
plain negligent.  Everyone is talking about how much the person who wrote it
should be punished, but I think there are two other parties that need to
accept culpability here too.  First, Microsoft for writing the tool and being
so irresponsible when it comes to security.  Second, the people who used those
products and who chose to click on a suspicious attachment.  In some cases a
3rd party of IT people who chose the software.  Look, if you leave your stereo
system out on your front lawn, how much can you really complain when someone
finally comes along and steals it?  Yes, it was still wrong for that person to
steal it, but really!  

-- 
There I was, lying, cheating and back-stabbing my way up the corporate
ladder, feeling pretty darn good about myself, when someone told me the 'J'
in 'WWJD' meant *Jesus* I thought it meant *Judas*!  Hoo boy, am I red in
the face!