From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 28 Sep 95 01:39:32 PDT
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Another Netscape Bug (and possible security hole)
Message-ID: <199509280839.BAA02982@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:44 PM 9/27/95 -0400, Futplex <futplex@pseudonym.com> wrote:
>However, a certain amount of common sense will go a long way in avoiding ugly
>incidents. To put it simply, "look before you leap". Before you click on a
>link, look at the status bar at the bottom of the Netscape window (in the
>Unix version at least) that displays the URL of the link under the pointer.

One of the later versions of the hack hid the large href inside the page
as an IMG; the URL for the page looked mostly harmless (other than being
named "bug2" or "hack2" :-); I think it was Ray's.  Blowed up real good.

"Push to test" ..... "Release to detonate"


>"What if you knew her, and found her dead on the ground ?
> How can you run when you know ?" -Neil Young
Well, Nixon's not coming any more, but this is it, we're on our own...
#---
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---