From: sameer <sameer@c2.org>
To: aba@atlas.ex.ac.uk
Message Hash: f7837d3b9cc2e5e5cc1bfb46f9317022523edf4d6ef9dd743b69d032366bc8ee
Message ID: <199509191403.HAA27655@infinity.c2.org>
Reply To: <28592.9509191106@exe.dcs.exeter.ac.uk>
UTC Datetime: 1995-09-19 14:08:27 UTC
Raw Date: Tue, 19 Sep 95 07:08:27 PDT
From: sameer <sameer@c2.org>
Date: Tue, 19 Sep 95 07:08:27 PDT
To: aba@atlas.ex.ac.uk
Subject: Re: NYT on Netscape Crack
In-Reply-To: <28592.9509191106@exe.dcs.exeter.ac.uk>
Message-ID: <199509191403.HAA27655@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain
>
> Sure that's hard to notice, but what you describe was an accident, ie
> the code wasn't working as you thought it was.
>
Also, the fact that the source isn't available meant that it
took quite some work to reveal the hole. In Eric's case, with
available source, his mistake was found and corrected.
>
> The moral in netscapes story is that closed systems are bad news.
> These things ideally need open review. And of course designing things
> with the expectation that they are secure with the *given* that the
> full algorithm is known.
Yes.
>
> Real shame because the rest of the software is very innovative
> compared to other browsers, and apparently good quality. Also may be
> a set back for net commerce, which is bad news.
>
Well if we hammer at 'em enough maybe they'll get their
security fixed. I still use netscape. I'm not going to stop using
netscape. (I'm not going to use netscape for anything sensitive
though, that's for sure.)
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
An Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer@c2.org
Return to September 1995
Return to “sameer <sameer@c2.org>”