[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (Fwd) SECURITY ALERT: Password protection bug in Netscape 2.0b



Except for the bit about the file not being deleted after quitting
Netscape (which is Bad), this is old news. This is why security-conscious
sites like banking.wellsfargo.com ask for passwords in an SSL-encrypted
form rather than via simple browser authentication. 

Even if Netscape did delete the "password cache," anyone with physical 
access to your machine could still recover it from disk.

I believe that Microsoft Internet Explorer and other browsers derived from
Mosaic do the same thing. 

Netscape et al know that simple browser authentication is of limited 
usefulness, which is why we keep trying to commit them to DCE.

-rich