From: Rick Busdiecker <rfb@lehman.com>
Date: Wed, 27 Sep 95 06:36:36 PDT
To: Alan Olsen <alano@teleport.com>
Subject: Re: [NOISE] Re: Easter Eggs
In-Reply-To: <199509261959.MAA28501@desiree.teleport.com>
Message-ID: <9509271335.AA26916@cfdevx1.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain


    Date: Tue, 26 Sep 1995 12:59:54 -0700
    From: Alan Olsen <alano@teleport.com>
    
    You also need X windows to find the Mozilla animated icon hack on
    Jammie Zawinski's page.
    ^^^^^^

Just for the record, that's Jamie.

    obNetscapeHack: There is a feature called a "cookie file" in
    Netscape that is ripe for exploitation as a security leak.  If you
    are using a Netscape server (and you may not even need that), you
    can feed all sorts of information into it without the user's
    knowlege.  I have heard of one page that overloads the cookie file
    until the machine runs out of drive space.  I am sure that there
    are other exploitable holes there...  Any takers?

Yikes!  That sounds really bad.  Do you have any more information on
this?  For example, can the server write to anything other than
$HOME/.netscape-cookies?  If I write protect that file, but it's still
owned by me, will Netscape still modify it?

--
Rick Busdiecker                        Please do not send electronic junk mail!
 net: rfb@lehman.com or rfb@cmu.edu    PGP Public Key: 0xDBD9994D
 www: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/rfb/http/home.html
 send mail, subject "send index" for mailbot info, "send pgp key" gets my key
A `hacker' is one who writes code.  Breaking into systems is `cracking'.