[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Postscript in Netscape

To: [email protected] (Jeff Weinstein)
Subject: Re: Postscript in Netscape
From: [email protected] (Dr. Frederick B. Cohen)
Date: Wed, 18 Oct 1995 08:33:03 -0400 (EDT)
Cc: [email protected]
In-Reply-To: <[email protected]> from "Jeff Weinstein" at Oct 18, 95 05:22:41 am
Sender: [email protected]

> > WRONG!!! Netscape claims to be "secure" - hence it is Netscape's job to
> > be secure - regardless of the user's use of their product.  Otherwise,
> > the ads should read:
> > 
> >         "Netscape can be used securely by sufficiently knowledgeable
> >         users who have emasculated their postscript interpreters before
> >         using them to view files of unknown origin, and who have removed
> >         all other known, unknown, and/or undisclosed security holes from
> >         their systems.  Otherwise, Netscape is insecure and should not be
> >         trusted."
> 
>   Why did I know you would be showing up in this discussion?  You
> wouldn't be related to alice de 'nonymous would you?

Is it Netscape's position that when people call them on their statements
they make irrelevant comments and inflamatory remarks toward legitimate
researchers who are freely helping them understand the security issues
they apparently don't understand?

>   I don't believe that Netscape claims to be some magic bullet that
> will suddenly make your system secure when you install it.  We also
> don't claim that it will detect viruses.

You claim that you provide secure net access for the purposes of
transactions - which you don't - and you have gotten an enormous amount
of money from people who don't understand these issues based, at least
in part, on your false claims.  Some people might interpret that as fraud.

Now instead of trying to insult and put down people who have legitimate
security concerns, you personally attack individuals, try to redirect the
discussion away from the security flaws in Netscape, and try to hush the
discussion with:

>   Dont you think we've wasted enough bandwidth on this?  I'm sure
> most readers of this list are sick of it by now.

I think that you should give a copy of this and the other messages on
this topic to someone at Netscape who is responsible for protection and
ask them to speak for the company and address these issues head on. 
Regardless of your disclaimer, when you speak on the net, we hear
Netscape, and the sounds are starting to sound more and more like
Microsoft to me.

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

Follow-Ups:
- Re: Postscript in Netscape
  - From: Jeff Weinstein <[email protected]>
- Re: Postscript in Netscape
  - From: Nesta Stubbs <[email protected]>
- Re: Postscript in Netscape
  - From: sameer <[email protected]>
- Re: Postscript in Netscape
  - From: Simon Spero <[email protected]>

References:
- Re: Postscript in Netscape
  - From: Jeff Weinstein <[email protected]>

Prev by Date: Re: Postscript in Netscape
Next by Date: Re: Postscript in Netscape
Prev by thread: Re: Postscript in Netscape
Next by thread: Re: Postscript in Netscape
Index(es):
- Date
- Thread