[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Postscript in Netscape
On Wed, 18 Oct 1995, Dr. Frederick B. Cohen wrote:
> Is it Netscape's position that when people call them on their statements
> they make irrelevant comments and inflamatory remarks toward legitimate
> researchers who are freely helping them understand the security issues
> they apparently don't understand?
Jeff doesn't speak directly for Netscape, Doc. Your previous suggestion
didn't make much sense, the idea that a single peice of software must
close ALL the holes across the board to be called "secure" is ludicrous.
Granted it should cover all within it's domain, and provide safegaurds,
but to expect Netscape to handle security problems that rightfully should
be fixed in the TCP/IP protocol stack, or in the interprator for another
language that happens to have a security hole and can be spawned off.
Netscape does not come with a postscript app preset so the user has to
make a conscious choice. All postscript viewers I have used make mention
of these security problems, and I would hope(tho do not for one second
believe) that users read this warnings. If they don't and set-up the
browser to spawn off files of unknown origins, then they are taking their
own risks and I do not think for one second netscape could be held
responsible. There is no defense against the dreaded DEU hole that
exists on all systems.
Nesta Stubbs "Betsy, can you find the Pentagon for me?
Cynico Network Consulting It has five sides and a big parking lot"
[email protected] -Fred McMurray-