Netscape bug -Reply
Dan Lester
DLESTER at bsu.idbsu.edu
Fri Jun 13 15:15:51 EDT 1997
>>> George Jenkins <gjenkins at hbs.edu> 06/13/97 12:27pm
>>>
Just in case you hadn't hear about this,, you can read the full
story at
the CNNfn web site. A Danish firm found the bug. PC
Magazine replicated
it. The bug: no security - you can read another person's hard
drive.
The CNNfn story is at:
http://cnnfn.com/digitaljam/9706/12/netscape_pkg/
===================
No argument on it as to being correct....but there is more to
the story. First, it is in ALL versions of Netscape, not just
4.0. It has always been there.
Second, though you can see files on the user's system, you
have to KNOW WHAT FILE YOU WANT, the exact name and
path, in advance. I guess they could routinely look at
cookies, for example, since they're generally in a fixed place
with a fixed name. But to guess the path and name to my
financial records, love letters, etc, etc, would be pretty
unlikely, especially if you don't use the standard "my files" or
similar paths and filenames.
And, it must be pretty obscure, since it has ALWAYS been
there and no one found it til now. Of course I imagine that it
will make its way around the net now.....
Personally, I'm not too concerned for two reasons. First, I
tend to practice pretty safe computing anyway. Second, s/he
who steals my files steals trash.
And, there is NO indication that they can do anything but
view them, not modify them, delete them, etc.
dan
Dan Lester, Network Information Coordinator
Boise State University Library, Boise, Idaho, 83725 USA
voice: 208-385-1235 fax: 208-385-1394
dlester at bsu.idbsu.edu OR alileste at idbsu.idbsu.edu
Cyclops' Internet Toolbox: http://cyclops.idbsu.edu
"How can one fool make another wise?" Kansas, 1979.
More information about the Web4lib
mailing list