From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 19 Sep 95 02:55:00 PDT
To: hacknetscape@c2.org
Subject: Fundamental Netscape hack
Message-ID: <199509190954.CAA24686@ix.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Of course, one of the most serious security problems with Netscape servers
is that they run on machines sitting out there on the Internet where
anybody who can browse their services can attack them - that 128-bit
bullet-proof iron-clad front door isn't much help if the garage door is
unlocked because of some sendmail bug.  For most web applications,
the big security need is to send a chunk of encrypted data to some server
that will decrypt it and get you credit-card number or whatever,
but the standard SSL and S/HTTP protocols want to decrypt the data
to plaintext on the Web server before it can do anything like that.

(OK, I guess this doesn't win me a T-Shirt, since enough other people
have said similar things, but do I at least get a gif of the shirt
and a crayon so I can roll my own?  :-)  Good work, folks!
#---
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---