1995-09-19 - Re: NYT on Netscape Crack

Header Data

From: sameer <sameer@c2.org>
To: rjc@clark.net (Ray Cromwell)
Message Hash: 4ca8009cb61509a89a6544ad058215c8be3c7aca49a330e14d16a8d3fd3614a1
Message ID: <199509190713.AAA01128@infinity.c2.org>
Reply To: <199509190703.DAA03247@clark.net>
UTC Datetime: 1995-09-19 07:18:35 UTC
Raw Date: Tue, 19 Sep 95 00:18:35 PDT

Raw message

From: sameer <sameer@c2.org>
Date: Tue, 19 Sep 95 00:18:35 PDT
To: rjc@clark.net (Ray Cromwell)
Subject: Re: NYT on Netscape Crack
In-Reply-To: <199509190703.DAA03247@clark.net>
Message-ID: <199509190713.AAA01128@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
>   I doubt this in the case of the browser. At least as far as the
> parsing is concerned. There may be a buffer overflow for example,

	Buffer overflow seems like a much greater concern when dealing
with a server. Particularly one which is supposedly "secure", and
accessing "secured" documents. Even with the server running as
'nobody' if someone can implement buffer overflow to get access to
documents they shouldn't then that would count as a pretty significant
hack.

	I suspect that the server is where the majority of the bugs
lie. My Hack Netscape page emphasizes the server as a place to look
for holes.


> when you input the url in the "open" window, but that has to be
> done manually by the user and isn't a threat, like a "rogue homepage"
> would be. The reason I doubt string buffer overflows in the case of
> the browser is that it seems to be written in some object oriented
> language, perhaps C++ (or maybe just oo-C like BSAFE). Once you
> have a general robust String class, you can prove it's non-overflowable,
> and therefore no composition of operations from the browser code will
> overflow it (unless of course, you break language safety by using
> casts and pointer manipulation) Secondly, Netscape has been very
> robust in my own testing against these common bugs. One of the things
> I've done lately is "tiger team" attacks against servers and browsers.
> (of course, sendmail is a brilliant counter example)
> (if you can find a call to gets() in Netscape, I will instantly 
> retreat ;-) )
> 
>   Netscape's security may be bad, but the rest of their browser, or at least
> their development process, is good engineering. They've built a very
> complex application, fairly quickly, that runs with very few bugs,
> across a wide variety of operating systems and GUI's, while maintaining
> a consistent user interface and feature set. Netscape 2.0 incorporated
> Java, LiveObjects, and more HTML3.0 in almost record time. (I wasn't
> expecting a Java capable Netscape until at least December). I'd like to
> see Microsoft develop a piece of code that quickly that runs on
> umpteen different flavors of Unix, MacOS, and Win3.1/95/NT. Hell, they
> can't even write code that runs smoothly across all three
> flavors of their operating system.
> 
> -Ray
> 
> 
>  
>    
> 
> 


-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:	 510-601-9734
An Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			sameer@c2.org
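
Added example, not part of the original message and not Netscape's code: a sketch in "oo-C" of the bounded string argument from the quoted text, where every append preserves a length invariant so no composition of appends can overflow. The type and function names (bstr, bstr_append, build_url) and the sample inputs are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded string (illustrative names, not Netscape's code).
 * Invariant: len < sizeof buf and buf[len] == '\0'. */
typedef struct {
    size_t len;
    char   buf[32];
} bstr;

static void bstr_init(bstr *s) { s->len = 0; s->buf[0] = '\0'; }

/* Returns 1 when the invariant holds. */
static int bstr_ok(const bstr *s)
{
    return s->len < sizeof s->buf && s->buf[s->len] == '\0';
}

/* Append n bytes. Returns 0, or -1 with *s unchanged when they do not fit.
 * Given the invariant on entry, room cannot underflow, and the invariant
 * holds again on exit, so any sequence of appends stays in bounds. */
static int bstr_append(bstr *s, const char *src, size_t n)
{
    size_t room = sizeof s->buf - 1 - s->len;
    if (n > room)
        return -1;
    memcpy(s->buf + s->len, src, n);
    s->len += n;
    s->buf[s->len] = '\0';
    return 0;
}

/* A composition of operations on untrusted input (constructed example).
 * Direct writes to out->buf (strcpy, casts) would bypass the check. */
static int build_url(bstr *out, const char *host, const char *path)
{
    bstr_init(out);
    if (bstr_append(out, "http://", 7) != 0) return -1;
    if (bstr_append(out, host, strlen(host)) != 0) return -1;
    return bstr_append(out, path, strlen(path));
}

int main(void)
{
    bstr u;
    int rc = build_url(&u, "example.test", "/a.html");
    printf("%d %s invariant=%d\n", rc, u.buf, bstr_ok(&u));
    return 0;
}
```

An overlong path makes build_url return -1 and leaves the string holding only the parts that fit, with the invariant intact.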




Thread