1995-09-22 - Re: Another Netscape Bug (and possible security hole)
Header Data
From: “Perry E. Metzger” <perry@piermont.com>
To: Ray Cromwell <rjc@clark.net>
Message Hash: 872240a3b061d9229333e5b6d8a6c32fa7a8ad076601aa1186171b1424a9b8e7
Message ID: <199509221236.IAA03762@frankenstein.piermont.com>
Reply To: <199509220715.DAA27920@clark.net>
UTC Datetime: 1995-09-22 12:36:15 UTC
Raw Date: Fri, 22 Sep 95 05:36:15 PDT
Raw message
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 22 Sep 95 05:36:15 PDT
To: Ray Cromwell <rjc@clark.net>
Subject: Re: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509220715.DAA27920@clark.net>
Message-ID: <199509221236.IAA03762@frankenstein.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain
Ray Cromwell writes:
> THIS IS A SERIOUS BUG!
[...]
> [I hear Perry in the background groaning and muttering "I told you so"]
Of course I told you so. I knew what I was saying when I mentioned
buffer overflows being a big problem in code written by the NCSA team,
most of whom went over to Netscape When at NCSA, they showed very
little capacity to learn this lesson no matter how many cracks
occured. They always just tried to kludge around the thing instead of
fixing it. When I write security oriented code, I outright ban the use
of certain C library calls.
> These buffer overflow bugs should be taught in every programming
> 101 course along with fencepost errors.
>
> I'm not even sure if I want to write the obligatory program to exploit
> the hack given that some malicious jerk would probably use it
> on his home page to attack people.
The problem is that if you don't produce a (benign) exploit people
aren't going to take it seriously enough.
Perry
Thread
Return to September 1995
- Return to “David Lesher <wb8foz@nrk.com>”
- Return to “Duncan Frissell <frissell@panix.com>”
- Return to “futplex@pseudonym.com (Futplex)”
- Return to “heesen@zpr.uni-koeln.de (Rainer Heesen)”
- Return to “jsw@neon.netscape.com (Jeff Weinstein)”
- Return to “Laurent Demailly <dl@hplyot.obspm.fr>”
- Return to ““Perry E. Metzger” <perry@piermont.com>”
- Return to “Ray Cromwell <rjc@clark.net>”
Return to “sameer <sameer@c2.org>”
- 1995-09-22 (Thu, 21 Sep 95 23:12:30 PDT) - Another Netscape Bug (and possible security hole) - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Thu, 21 Sep 95 23:52:42 PDT) - Re: Another Netscape Bug (and possible security hole) - futplex@pseudonym.com (Futplex)
- 1995-09-22 (Fri, 22 Sep 95 00:15:47 PDT) - Re: Another Netscape Bug (and possible security hole) - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 01:14:47 PDT) - Re: Another Netscape Bug (and possible security hole) - futplex@pseudonym.com (Futplex)
- 1995-09-22 (Fri, 22 Sep 95 01:30:13 PDT) - YET ANOTHER BAD NETSCAPE HOLE! - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 01:37:09 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 01:50:22 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - futplex@pseudonym.com (Futplex)
- 1995-09-22 (Fri, 22 Sep 95 02:46:54 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - heesen@zpr.uni-koeln.de (Rainer Heesen)
- 1995-09-22 (Fri, 22 Sep 95 02:29:06 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - jsw@neon.netscape.com (Jeff Weinstein)
- 1995-09-22 (Fri, 22 Sep 95 02:36:12 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 05:48:01 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - “Perry E. Metzger” <perry@piermont.com>
- 1995-09-26 (Tue, 26 Sep 95 05:58:03 PDT) - Re: Another Netscape Bug (and possible security hole) - David Lesher <wb8foz@nrk.com>
- 1995-09-22 (Fri, 22 Sep 95 01:30:13 PDT) - YET ANOTHER BAD NETSCAPE HOLE! - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 05:36:15 PDT) - Re: Another Netscape Bug (and possible security hole) - “Perry E. Metzger” <perry@piermont.com>
- 1995-09-22 (Fri, 22 Sep 95 07:39:36 PDT) - Re: Another Netscape Bug (and possible security hole) - sameer <sameer@c2.org>
- 1995-09-22 (Fri, 22 Sep 95 10:14:04 PDT) - Re: Another Netscape Bug (and possible security hole) - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 11:28:44 PDT) - Re: Another Netscape Bug (and possible security hole) - sameer <sameer@c2.org>
- 1995-09-25 (Mon, 25 Sep 95 13:47:57 PDT) - Re: Another Netscape Bug (and possible security hole) - Laurent Demailly <dl@hplyot.obspm.fr>
- 1995-09-26 (Tue, 26 Sep 95 05:02:10 PDT) - Re: Another Netscape Bug (and possible security hole) - Duncan Frissell <frissell@panix.com>
- 1995-09-22 (Fri, 22 Sep 95 01:14:47 PDT) - Re: Another Netscape Bug (and possible security hole) - futplex@pseudonym.com (Futplex)
- 1995-09-22 (Fri, 22 Sep 95 00:15:47 PDT) - Re: Another Netscape Bug (and possible security hole) - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 00:34:29 PDT) - Re: Another Netscape Bug (and possible security hole) - jsw@neon.netscape.com (Jeff Weinstein)
- 1995-09-22 (Fri, 22 Sep 95 03:15:46 PDT) - Re: Another Netscape Bug (and possible security hole) - Laurent Demailly <dl@hplyot.obspm.fr>
- 1995-09-22 (Fri, 22 Sep 95 05:25:00 PDT) - Re: Another Netscape Bug (and possible security hole) - “Perry E. Metzger” <perry@piermont.com>
- 1995-09-22 (Thu, 21 Sep 95 23:52:42 PDT) - Re: Another Netscape Bug (and possible security hole) - futplex@pseudonym.com (Futplex)