RE: [AP] David L. Smith arrested for writing Melissa

Larry Masinter (
Fri, 2 Apr 1999 13:37:57 PST

The problems associated with executable code in email attachments
have been well documented since the first MIME draft discussed
the security considerations of "application/postscript".

The problems associated with ANY application quietly sending
mail on behalf of the user, without the user's explicit confirmation
that mail is being sent, have also been well documented.

While I wouldn't defend anyone who created a virus, isn't there
SOME responsibility to be shared by those who release, deploy,
support, and promote software with obvious and well-known security

While I'm being curmudgeonly, I'll also grumble about those
who would add 'active content' to text/html without attention to the
appropriate security considerations, thus leading to the
problems we saw with JavaScript invoked file upload of user's
personal files.