[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PRINCETON STUDENTS FIND HOLE IN INTERNET SECURITY SOFTWARE

To: sameer <[email protected]>
Subject: Re: PRINCETON STUDENTS FIND HOLE IN INTERNET SECURITY SOFTWARE
From: Herb Sutter <[email protected]>
Date: Mon, 06 Nov 1995 23:16:18 -0500
Cc: [email protected]
Sender: [email protected]

I've always read with interest Sameer's notes, and I also enjoyed this one.
I just can't figure out why he's writing it (spelling and grammar errors aside):

At 07:52 11.06.1995 -0800, sameer wrote:
>For Immediate Release
>Date: Nov 6th, 1995
>Contact: Sameer Parekh 510-601-9777 [email protected]
>
>PRINCETON STUDENTS FIND HOLE IN INTERNET SECURITY SOFTWARE

This title and the opening paragraphs seem unnecessarily (and
misleadingly[*]) alarmist, given the recent spate of similar mass-media
articles.  After the lead and second paragraphs repeatedly talk about
"holes", "make viruses and other malicious programs possible", etc., it
isn't until the third paragraph that we read a calmer quote:

[*] Java isn't really 'Internet security software', and the students didn't
find a hole in any current version according to the rest of the text.

>"While we did find some interesting holes, we believe these can be
>addressed and Java could make a good standard for remote code on the
>Web, if an effective security policy is defined."

The opening paragraphs sure didn't reflect this.  Then:

>The holes they found exist only in the alpha release of HotJava. The
>beta release, which is the version found in the widely-used Netscape
>Navigator 2.0b1J is not vulnerable to these attacks.

They do?  It's not?  Then... why mention it at all?!

If this is so, it's a dead issue, old news, passe'.  Why another alarmist
press release (other than to promote Community ConneXion's decision to add
Java to its hit list <grin duck & run>)?  The public's paranoid enough about
net commerce; why should we, of all people, fan the flames?

This isn't to bash Sameer, whose posts I always enjoy reading.  I'm just a
bit puzzled by this one...

Herb

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter                 2228 Urwin, Suite 102       voice (416) 618-0184
Connected Object Solutions  Oakville ON Canada L6L 2T2    fax (905) 847-6019

Prev by Date: Re: Exporting software doesn't mean exporting (was: Re: lp ?)
Next by Date: Paranoia Has Its Uses
Prev by thread: PRINCETON STUDENTS FIND HOLE IN INTERNET SECURITY SOFTWARE
Next by thread: SSL-encrypted apache web server available for beta-test
Index(es):
- Date
- Thread