[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Netscape rewards are an insult
> Is Jeff or any of the other netscape posters here officially??
I speak for myself. I am not an official Netscape spokescritter, and
have no desires to be one.
> Or are they here, just out of personal curiosity (without their employers
> knowledge, I mean ...) cause they have a whole lot of spare time on their
> hands to learn about cryptography and security.
I don't have a lot of spare time, but I do consider reading the
messages going to cypherpunks as part of my job. (Well at least some
of each message. :-)
> I wish one of them (or Netscape) would make an official comment to make
> sure that the record is straight, and that there is no mis-reporting.
On what topic?
> - Netscape has known about this problem since last week's
> scathing public attack and demonstration of the problem
> which included sample code posted to the Internet??
I am not quite sure what problem you are talking about? NFS and MITM
> - If you run and use a Netscape client, that any machine
> anywhere in the world if it's on the Net could retrieve
> all of the files off of your hard drive or LAN??
> Or even worse ... erase files on your Hard drive and
> wipe you out??
Can you expand on this? I am not aware that any of the executables
we have shipped do this. If you get a compromised version of any
program (i.e. one that some attacker has changed) then that changed
version will do whatever the attacker has built it to do. This is not
a Netscape specific issue.
> - Even if your machine is behind a firewall or proxy server,
> that there is no protection?? That you can't do anything??
Firewalls and proxies help against many attacks. Without knowing
which one you mean, it's impossible to respond intelligently. (In
particular I know of no sites that allow NFS packets to cross a
Philip L. Karlton [email protected]
Principal Curmudgeon http://www.netscape.com/people/karlton
Netscape Communications Corporation