From: Nesta Stubbs <nesta@cynico.com>
To: cypherpunks@toad.com
Message Hash: 24ae3de88392a24754c1614ae4437f8c75974f7b82749a6b78f007f1da172dc7
Message ID: <Pine.BSD.3.91.951018082550.22548B-100000@miso.wwa.com>
Reply To: <9510181156.AA11525@all.net>
UTC Datetime: 1995-10-18 13:46:41 UTC
Raw Date: Wed, 18 Oct 95 06:46:41 PDT
From: Nesta Stubbs <nesta@cynico.com>
Date: Wed, 18 Oct 95 06:46:41 PDT
To: cypherpunks@toad.com
Subject: Re: Postscript in Netscape
In-Reply-To: <9510181156.AA11525@all.net>
Message-ID: <Pine.BSD.3.91.951018082550.22548B-100000@miso.wwa.com>
MIME-Version: 1.0
Content-Type: text/plain
On Wed, 18 Oct 1995, Dr. Frederick B. Cohen wrote:
> WRONG!!! Netscape claims to be "secure" - hence it is Netscape's job to
> be secure - regardless of the user's use of their product. Otherwise,
> the ads should read:
>
That just doesn't make all that much sense. "regardless of the users use
of their product"? Sure, like PGP should be considered insecure software
because as a user I could use it on an ISP, and make my passwd two
characters long and leave it set as an environment variable in the shell
for the pre-mail script I have.
> "Netscape can be used securely by sufficiently knowledgeable
> users who have emasculated their postscript interpreters before
> using them to view files of unknown origin, and who have removed
> all other known, unknown, and/or undisclosed security holes from
> their systems. Otherwise, Netscape is insecure and should not be
> trusted."
No, otherwise the postscript viewer is insecure. Netscape is not
handling the postscript code, just passing it along. It does not come
with an application for postscript automagically setup for the user so
you can't blame it for spawning an application without the users
knowledge. Maybe there should(or is there already) be a note in the docs
mentioning this, but of all the regular users I know, none of them read
documentation. To expect a system to call itself insecure because the
user is stupid and invites evil in doesn't make much sense. So I guess
Java can NEVER be secure because if I want I can enable native calls and
all the file access classes and other dangerous stuff for any application
I want to and shut down all the inbuilt security. It's Suns fault that
I'm dumb as a brick wall?
Nesta Stubbs "Betsy, can you find the Pentagon for me?
Cynico Network Consulting It has five sides and a big parking lot"
nesta@cynico.com -Fred McMurray-
Return to October 1995
Return to “Westcan1@softnc1.softnc.com (West Canadian Graphics)”