From: lethin@ai.mit.edu (Rich Lethin)
Date: Fri, 22 Sep 95 11:13:25 PDT
To: cypherpunks@toad.com
Subject: Worms and New Netscape Bug
Message-ID: <199509221813.OAA10129@grape-nuts.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Although Netscape will certainly fix their new bugs, it's likely that
many old copies will remain on computers on the net, and the holes
will remain.

Netscape could "fight" against this with a modified worms/webcrawler
which looks for blatantly dangerous domain names in URLs and reports
them to "CERT" or blockware companies like Surfwatch.  For example,
they'd find the foo* link at the bottom of 
My page

Not a complete solution obviously (e.g. the server could selectively
reply to requests, and hide from the webcrawler IP).

What happens when someone using the AOL browser clicks on one of these
HREF's... does it crash all of AOL?

---
Concurrent VLSI Arch. Group     545 Technology Sq., Rm. 610
MIT AI Lab                      Cambridge, MA 02139 (617)-253-0972