Re: PRINCETON STUDENTS FIND HOLE IN INTERNET SECURITY SOFTWARE
I've always read with interest Sameer's notes, and I also enjoyed this one.
I just can't figure out why he's writing it (spelling and grammar errors aside):
At 07:52 11.06.1995 -0800, sameer wrote:
>For Immediate Release
>Date: Nov 6th, 1995
>Contact: Sameer Parekh 510-601-9777 [email protected]
>PRINCETON STUDENTS FIND HOLE IN INTERNET SECURITY SOFTWARE
This title and the opening paragraphs seem unnecessarily (and
misleadingly[*]) alarmist, given the recent spate of similar mass-media
articles. After the lead and second paragraphs repeatedly talk about
"holes", "make viruses and other malicious programs possible", etc., it
isn't until the third paragraph that we read a calmer quote:
[*] Java isn't really 'Internet security software', and the students didn't
find a hole in any current version according to the rest of the text.
>"While we did find some interesting holes, we believe these can be
>addressed and Java could make a good standard for remote code on the
>Web, if an effective security policy is defined."
The opening paragraphs sure didn't reflect this. Then:
>The holes they found exist only in the alpha release of HotJava. The
>beta release, which is the version found in the widely-used Netscape
>Navigator 2.0b1J is not vulnerable to these attacks.
They do? It's not? Then... why mention it at all?!
If this is so, it's a dead issue, old news, passe'. Why another alarmist
press release (other than to promote Community ConneXion's decision to add
Java to its hit list <grin duck & run>)? The public's paranoid enough about
net commerce; why should we, of all people, fan the flames?
This isn't to bash Sameer, whose posts I always enjoy reading. I'm just a
bit puzzled by this one...
Herb Sutter 2228 Urwin, Suite 102 voice (416) 618-0184
Connected Object Solutions Oakville ON Canada L6L 2T2 fax (905) 847-6019