Of course, some documents would no longer work, so you need management buyin to secure things.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Gabe Goldberg <g...@gabegold.com> Sent: Wednesday, May 8, 2019 12:31 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"? I had a Sev 1 APAR against PROFS (or when it became OfficeVision) by pointing out that (at least on VM) sending a document with embedded .sy control word could, say, quietly format recipient's A disk (for those who've never touched VM, that's a VM user's personal storage). Tricky fix was making NOSY (or whatever option disabled processing .sy) the default. Presumably the problem and fix applied wherever OV appeared. Seymour J Metz <sme...@gmu.edu> said correctly: > And when some "genius" at Microsoft thought it would be a good idea to > be able to embed arbitrary code in a document, it meant that someone could > do anything they wanted to do to your computer just by sending you a document. To be fair, that issue existed in Script way back when. -- Gabriel Goldberg, Computers and Publishing, Inc. g...@gabegold.com 3401 Silver Maple Place, Falls Church, VA 22042 (703) 204-0433 LinkedIn: http://secure-web.cisco.com/1z9nm_XUec9A2JjLl71eUbjF0oFeWmu7IzCPbSOxENPcGsVFBMma3nJvrClTZExGxhCCwvmLFd3IcgQ3rrYxrYrTYL7UvhFf63hukjct4ELUv8PRCUIwtx7FXTZbp8vLhy8fZRZgbRpLh_L31Da0FpC2aP1AuXXN_BoSyw9DTbfCVMBaMR9vz4dgqzRPKEGKF4s7eLhsT4UkgmALh2tUxtOl8DPQoYbFVjzrjdlzFkrus0ptxLh0pKQE8AMAZohlkIsoaS4c9bADyRo6BJty6E_JIqctds_bLYFDMCtRuAwojkY0nX1C9g5lb2UJLE93QnDqn_glpNqOu-IcHPYabb2op0Kn-qyZ02b6KbmLuTdNyHk3p0bNyv-TjS1Wx9FjOU5AmlTAbUaPTzKAn1XHaNG2g9-i1ssWnSn0V6irnGQYNmA8A_VJ-n395LqMTGHZ1/http%3A%2F%2Fwww.linkedin.com%2Fin%2Fgabegold Twitter: GabeG0 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
