Netscape Logic Bomb detailed by IETF
Nesta Stubbs
nesta at cynico.com
Tue Oct 24 20:02:23 PDT 1995
On Mon, 23 Oct 1995, Dr. Frederick B. Cohen wrote:
> > Yes, Mr. Anonymous, we all know postscript is dangerous. Thank you for
> > this stunning revelation. We've read the IETF documents before, and
> > some of us even helped write them.
>
> Then you should support his point which is valid.
>
I don't think they have vested interests at all. I think that they are
able to see that the problem is not with the browser. You know
"/bin/login" is insecure because it allows hooks for unpasswded logins, I
mean if the user wanted to they could leave root unpasswded and if they are
using "/bin/login" someone could get into their system just like that.
That point is NOT valid IMO.
> I strongly disagree. If Netscape provided a way to execute shell
> commands on your host from a remote computer, it would certainly be a
> hole created by their product. The fact that the default shell is
> potentially dangerous means it's incumbant on those who provide access
> to it to provide adequate protection.
>
NO, postscript provides the method for executing shell commands if you
accept postscript from anywhere. Netscape can NEVER be "fool"proof
against all hardware errors, particularly loose nuts on the keyboard.
Nesta Stubbs "Betsy, can you find the Pentagon for me?
Cynico Network Consulting It has five sides and a big parking lot"
nesta at cynico.com -Fred McMurray-
More information about the cypherpunks-legacy
mailing list