1995-09-28 - Re: Another Netscape Bug (and possible security hole)

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: f817dc8d45bcda168fdbaee4b55e5f73f0d318df7c25264bf1a8e1f8d3e8f4f4
Message ID: <199509280839.BAA02982@ix6.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1995-09-28 08:39:32 UTC
Raw Date: Thu, 28 Sep 95 01:39:32 PDT

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 28 Sep 95 01:39:32 PDT
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Another Netscape Bug (and possible security hole)
Message-ID: <199509280839.BAA02982@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:44 PM 9/27/95 -0400, Futplex <futplex@pseudonym.com> wrote:
>However, a certain amount of common sense will go a long way in avoiding ugly
>incidents. To put it simply, "look before you leap". Before you click on a
>link, look at the status bar at the bottom of the Netscape window (in the
>Unix version at least) that displays the URL of the link under the pointer.

One of the later versions of the hack hid the large href inside the page
as an IMG; the URL for the page looked mostly harmless (other than being
named "bug2" or "hack2" :-); I think it was Ray's.  Blowed up real good.

"Push to test" ..... "Release to detonate"


>"What if you knew her, and found her dead on the ground ?
> How can you run when you know ?" -Neil Young
Well, Nixon's not coming any more, but this is it, we're on our own...
#---
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---






Thread