1996-02-24 - Re: REM_ote

Header Data

From: Alex Strasheim <cp@proust.suba.com>
To: cypherpunks@toad.com
Message Hash: d7fac3583db362f9154e1791d0ccfa99126ba62032376732743469d407ad28c0
Message ID: <199602240428.WAA00352@proust.suba.com>
Reply To: <ad53b6f9010210048c41@[205.199.118.202]>
UTC Datetime: 1996-02-24 23:36:30 UTC
Raw Date: Sun, 25 Feb 1996 07:36:30 +0800

Raw message

From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 25 Feb 1996 07:36:30 +0800
To: cypherpunks@toad.com
Subject: Re: REM_ote
In-Reply-To: <ad53b6f9010210048c41@[205.199.118.202]>
Message-ID: <199602240428.WAA00352@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Might want to be careful calling Marianne a borderline liar. She's our host
> for Cypherpunks meetings at Sun, where's she's in the Java group. The
> article didn't make it clear that she's with Sun and not Netscape. She's
> also been coming to Cypherpunks meetings since the beginning, and posts
> here occasionally.

I apologize for the remark, it was out of line.  I don't know who she is,
or what she actually said, for that matter.

But the fact remains that these sorts of security problems were predicted
well before Java was widely deployed.  They're serious, and this isn't
going to be the last one.  An awful lot of people aren't going to patch
their copies of Netscape any time soon, either.

(A useful feature for Netscape might be a facility that checks
periodically to see if a security patch is in order, and displays a
warning if it is.)

Problems with security are a fact of life.  I've made embarassing mistakes
that compromised security for some of my users.  When that happens you
have to come clean, tell the truth, and fix the problem.  Don't try to
convince people that you didn't screw up, that the problem isn't serious. 
Don't say things that will encourage users to put off installing a
security patch.  And don't underestimate the ability of your attackers.







Thread