Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

IMO not so much. Just assume all files are malicious unless accompanied by metadata saying otherwise. That is pretty much the status quo already.

Except we have some grandfathered file types that are implicitly trusted.



In the article, the remote file's contents were not malicious, but merely trying to access it was. That would require a very different security posture to "assume all files are malicious".


> the remote file's contents were not malicious

until ... one day ... they are!


The remote file is only one of two files in the story.


And what about malicious metadata?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: