[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape rewards are an insult



In article <[email protected]>, Aleph One <[email protected]> writes:
> On Thu, 19 Oct 1995 [email protected] wrote:

>> >   NETSCAPE CLIENT APIS (NCAPIS) 2.0

>> Generally, we don't routinely trust every other computer, foreign or 
>> domestic on the Internet to manipulate us by remote control.  This is
>> as basic as the idea that we don't give out our PIN numbers with our 
>> banking cards to anyone who asks us.  

> Have you actually read the stuff? The NCAPIS is not on by default.
> You *must* enable it by tellling it to which port to listen on.
> Further more Mosaic had a remote control API before Netscape did.

They can also be used only from the local machine on Windows or from any
machine your X server trusts on Unix.  Unless the attacker can control
what software is installed on the target system, there's no way for him
to use this to his advantage.  Of course, there's always the possibility
of exploting bugs, but that's not a "flawed algorithm".

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | [email protected]