Netscape bug -Reply

Steve Hooley! hooleyss at gsaix2.cc.GaSoU.EDU
Fri Jun 13 16:13:10 EDT 1997


        On this sensitive subject, has everyone tried www.digicrime.com? My
blood pressure went WAY up until I realized it was mostly tongue-in-cheek,
but it points up the huge holes in our security. They know who you are when
you arrive, and they make your machine do tricks without asking you first.
These folks have too much time on their hands....


>>>> George Jenkins <gjenkins at hbs.edu> 06/13/97 12:27pm
>>>>
>Just in case you hadn't heard about this, you can read the full
>story at
>the CNNfn web site.  A Danish firm found the bug.  PC
>Magazine replicated
>it.  The bug: no security - you can read another person's hard
>drive.
>
>The CNNfn story is at:
>
>http://cnnfn.com/digitaljam/9706/12/netscape_pkg/
>===================
>No argument on it as to being correct....but there is more to
>the story.   First, it is in ALL versions of Netscape, not just
>4.0.   It has always been there.  
>
>Second, though you can see files on the user's system, you
>have to KNOW WHAT FILE YOU WANT, the exact name and
>path, in advance.  I guess they could routinely look at
>cookies, for example, since they're generally in a fixed place
>with a fixed name.  But to guess the path and name to my
>financial records, love letters, etc, etc, would be pretty
>unlikely, especially if you don't use the standard "my files" or
>similar paths and filenames.  
>
>And, it must be pretty obscure, since it has ALWAYS been
>there and no one found it til now.  Of course I imagine that it
>will make its way around the net now.....
>
>Personally, I'm not too concerned for two reasons.  First, I
>tend to practice pretty safe computing anyway.  Second, s/he
>who steals my files steals trash.
>
>And, there is NO indication that they can do anything but
>view them, not modify them, delete them, etc.  
>
>dan
>
>
>Dan Lester, Network Information Coordinator
>Boise State University Library, Boise, Idaho, 83725 USA
>voice: 208-385-1235   fax:  208-385-1394
>dlester at bsu.idbsu.edu     OR    alileste at idbsu.idbsu.edu
>Cyclops' Internet Toolbox:    http://cyclops.idbsu.edu
>"How can one fool make another wise?"   Kansas, 1979.
>
>
>
 
+=============================++============================+
 Stephen S. Hooley                "When the going gets
 Romulan Tech Support              weird, the weird
 Systems Group                     turn pro."
 Henderson Library                  -- Hunter S. Thompson
 Ga Southern Univ
 Statesboro, GA 30460     www2.gasou.edu/facstaff/hooleyss
+===========================================================+


