1995-11-17 - Re: Java & Netscape security (reply to misc. postings)
Header Data
From: fc@all.net (Dr. Frederick B. Cohen)
To: mrm@netcom.com (Marianne Mueller)
Message Hash: 2efc99864f39e456ce7bff9fba6045345bf4af93af3bf5a8292c81dfa36ebd82
Message ID: <9511162108.AA08466@all.net>
Reply To: <199511161933.LAA18504@netcom20.netcom.com>
UTC Datetime: 1995-11-17 00:23:04 UTC
Raw Date: Fri, 17 Nov 1995 08:23:04 +0800
Raw message
From: fc@all.net (Dr. Frederick B. Cohen)
Date: Fri, 17 Nov 1995 08:23:04 +0800
To: mrm@netcom.com (Marianne Mueller)
Subject: Re: Java & Netscape security (reply to misc. postings)
In-Reply-To: <199511161933.LAA18504@netcom20.netcom.com>
Message-ID: <9511162108.AA08466@all.net>
MIME-Version: 1.0
Content-Type: text
> 3. Postscript considered dangerous: (insert-smiley)
>
> As for the question of someone invoking a postscript interpreter via a
> browser and thus opening up their system to some rogue postscript
> file: I think it would be great if either of these two things were to
> magically happen:
>
> 1) people would stop putting postscript docs on web pages
> because it's the wrong technology for WWW - it wastes
> bandwidth - it's hard to view & hence often ugly - everyone
> just prints it out anyway and then complains because there
> is no one "standard" implementation of postscript printing
> worldwide and there are dozens of minor problems
>
> 2) someone could implement a secure postscript previewer
> (whatever that means!)
>
> I doubt either of those two things will happen. The average Jo on the
> internet needs to understand that when s/he downloads binary files
> over the internet and run them from insecure programs on their local
> computer, well, s/he runs some risk. This risk might be tiny, but
> it's impossible to quantify loss. If I lose a poem that I'm writing,
> to me that's priceless, so I do not intend to imply that loss of data
> isn't tragic for the person who loses it. If you have data you can't
> bear to lose, be sure to practice safe computing. Perform backups
> regularly, and use judgement about which interpreters and executable
> programs you allow to run on your PC.
>
> Marianne
It seems clear from this that Netscape, or at least Marianne who seems
to speak for Netscpe, doesn't understand the protection issues that my
clients face. I will nevertheless forward this official Netscape line
to them so they can better understand why I tell them it is insecure.
--
-> See: Info-Sec Heaven at URL http://all.net/
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
Thread
Return to November 1995
- Return to “cjs@netcom.com (cjs)”
- Return to “dlv@bwalk.dm.com (Dr. Dimitri Vulis)”
- Return to “fc@all.net (Dr. Frederick B. Cohen)”
- Return to ““Harry S. Hawk” <habs@warwick.com>”
- Return to “Jeff Weinstein <jsw@netscape.com>”
- Return to “m5@dev.tivoli.com (Mike McNally)”
- Return to “mrm@netcom.com (Marianne Mueller)”
- Return to “Ray Cromwell <rjc@clark.net>”
- Return to ““Richard Martin” <rmartin@aw.sgi.com>”
Return to “rthomas@pamd.cig.mot.com (Robert Owen Thomas)”
- 1995-11-16 (Fri, 17 Nov 1995 05:04:49 +0800) - Java & Netscape security (reply to misc. postings) - mrm@netcom.com (Marianne Mueller)
- 1995-11-17 (Fri, 17 Nov 1995 08:23:02 +0800) - Re: Java & Netscape security (reply to misc. postings) - “Harry S. Hawk” <habs@warwick.com>
- 1995-11-17 (Fri, 17 Nov 1995 08:23:04 +0800) - Re: Java & Netscape security (reply to misc. postings) - fc@all.net (Dr. Frederick B. Cohen)
- 1995-11-17 (Fri, 17 Nov 1995 08:46:45 +0800) - Re: Java & Netscape security (reply to misc. postings) - mrm@netcom.com (Marianne Mueller)
- 1995-11-17 (Fri, 17 Nov 1995 11:25:40 +0800) - Re: Java & Netscape security (reply to misc. postings) - cjs@netcom.com (cjs)
- 1995-11-17 (Fri, 17 Nov 1995 11:40:03 +0800) - Re: Java & Netscape security [NOISE] - “Richard Martin” <rmartin@aw.sgi.com>
- 1995-11-17 (Thu, 16 Nov 95 16:09:54 PST) - Re: Java & Netscape security [NOISE] - fc@all.net (Dr. Frederick B. Cohen)
- 1995-11-17 (Fri, 17 Nov 1995 10:56:01 +0800) - Re: Java & Netscape security [NOISE] - “Richard Martin” <rmartin@aw.sgi.com>
- 1995-11-17 (Fri, 17 Nov 1995 13:04:14 +0800) - Re: Java & Netscape security [NOISE] - fc@all.net (Dr. Frederick B. Cohen)
- 1995-11-17 (Fri, 17 Nov 1995 11:40:55 +0800) - Re: Java & Netscape security [NOISE] - rthomas@pamd.cig.mot.com (Robert Owen Thomas)
- 1995-11-17 (Sat, 18 Nov 1995 02:54:29 +0800) - Re: Java & Netscape security [NOISE] - Ray Cromwell <rjc@clark.net>
- 1995-11-17 (Fri, 17 Nov 1995 10:56:01 +0800) - Re: Java & Netscape security [NOISE] - “Richard Martin” <rmartin@aw.sgi.com>
- 1995-11-17 (Sat, 18 Nov 1995 02:46:33 +0800) - Re: Java & Netscape security [NOISE] - m5@dev.tivoli.com (Mike McNally)
- 1995-11-18 (Sat, 18 Nov 1995 09:09:02 +0800) - Re: Java & Netscape security [NOISE] - dlv@bwalk.dm.com (Dr. Dimitri Vulis)
- 1995-11-17 (Thu, 16 Nov 95 16:09:54 PST) - Re: Java & Netscape security [NOISE] - fc@all.net (Dr. Frederick B. Cohen)
- 1995-11-18 (Sat, 18 Nov 1995 09:22:37 +0800) - Re: Java & Netscape security (reply to misc. postings) - Jeff Weinstein <jsw@netscape.com>