[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Impact of Netscape kernel hole

To: [email protected]
Subject: Re: Impact of Netscape kernel hole
From: Eric Murray <[email protected]>
Date: Fri, 13 Jun 1997 18:08:42 -0700 (PDT)
Cc: [email protected]
In-Reply-To: <[email protected]> from "Huge Cajones Remailer" at Jun 13, 97 03:41:03 pm
Sender: [email protected]

Huge Cajones Remailer writes:
> 
> It'd be nice to have more specifics about the whole situation, but
> regardless - any preliminary threat assessments?  Exactly how widely
> exploited do you think this has been?
> 
> Tim's post (although refuted by Marc) raises some serious issues since I
> suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp

Of course that's IDEA-encrypted (or maybe something better in PGP 5) so
the attacker would need a lot of compute power to brute-force the key.
I wouldn't worry too much about someone getting my secring.pgp.  However
I would worry about them getting my mail folder, my .rhosts, my
/etc/password, etc.

> Some coherent input on the possible impact of this would be appreciated.

Yes, a description of the exploit would be very helpful.  It should
be fairly easy to hack a proxy to search and destroy the Java/Javascript
CaptiveX attacklet as it's being received.

-- 
                   Eric Murray  [email protected] 
  Network security and encryption consulting.    PGP keyid:E03F65E5

Follow-Ups:
- Re: Impact of Netscape kernel hole
  - From: Bill Stewart <[email protected]>

References:
- Impact of Netscape kernel holeImpact of Netscape kernel hole
  - From: [email protected] (Huge Cajones Remailer)

Prev by Date: Re: Impact of Netscape kernel hole
Next by Date: Re: FUCK YOU: There's no general right to privacy -- get over it, from Netly
Prev by thread: Impact of Netscape kernel holeImpact of Netscape kernel hole
Next by thread: Re: Impact of Netscape kernel hole
Index(es):
- Date
- Thread