[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape rewards are an insult

> Is Jeff or any of the other netscape posters here officially??

I speak for myself. I am not an official Netscape spokescritter, and
have no desires to be one.

> Or are they here, just out of personal curiosity (without their employers
> knowledge, I mean ...) cause they have a whole lot of spare time on their
> hands to learn about cryptography and security.

I don't have a lot of spare time, but I do consider reading the
messages going to cypherpunks as part of my job. (Well at least some
of each message. :-)

> I wish one of them (or Netscape) would make an official comment to make
> sure that the record is straight, and that there is no mis-reporting.

On what topic?

>         - Netscape has known about this problem since last week's
>           scathing public attack and demonstration of the problem
>           which included sample code posted to the Internet??

I am not quite sure what problem you are talking about? NFS and MITM
ftp attacks?

>         - If you run and use a Netscape client, that any machine
>           anywhere in the world if it's on the Net could retrieve
>           all of the files off of your hard drive or LAN??
>           Or even worse ... erase files on your Hard drive and
>           wipe you out??

Can you expand on this? I am not aware that any of the executables
we have shipped do this. If you get a compromised version of any
program (i.e. one that some attacker has changed) then that changed
version will do whatever the attacker has built it to do. This is not
a Netscape specific issue.

>         - Even if your machine is behind a firewall or proxy server,
>           that there is no protection??  That you can't do anything??

Firewalls and proxies help against many attacks. Without knowing
which one you mean, it's impossible to respond intelligently. (In
particular I know of no sites that allow NFS packets to cross a
firewall boundary.)

Philip L. Karlton			[email protected]
Principal Curmudgeon			http://www.netscape.com/people/karlton
Netscape Communications Corporation