From: fc@all.net (Dr. Frederick B. Cohen)
To: jsw@netscape.com (Jeff Weinstein)
Message Hash: 78f01108aa70916321cfd87afa1df810043e7d32a04a0ddc6fba909075ffcdce
Message ID: <9510181233.AA12939@all.net>
Reply To: <3084F191.56FE@netscape.com>
UTC Datetime: 1995-10-18 12:35:41 UTC
Raw Date: Wed, 18 Oct 95 05:35:41 PDT
From: fc@all.net (Dr. Frederick B. Cohen)
Date: Wed, 18 Oct 95 05:35:41 PDT
To: jsw@netscape.com (Jeff Weinstein)
Subject: Re: Postscript in Netscape
In-Reply-To: <3084F191.56FE@netscape.com>
Message-ID: <9510181233.AA12939@all.net>
MIME-Version: 1.0
Content-Type: text
> > WRONG!!! Netscape claims to be "secure" - hence it is Netscape's job to
> > be secure - regardless of the user's use of their product. Otherwise,
> > the ads should read:
> >
> > "Netscape can be used securely by sufficiently knowledgeable
> > users who have emasculated their postscript interpreters before
> > using them to view files of unknown origin, and who have removed
> > all other known, unknown, and/or undisclosed security holes from
> > their systems. Otherwise, Netscape is insecure and should not be
> > trusted."
>
> Why did I know you would be showing up in this discussion? You
> wouldn't be related to alice de 'nonymous would you?
Is it Netscape's position that when people call them on their statements
they make irrelevant comments and inflamatory remarks toward legitimate
researchers who are freely helping them understand the security issues
they apparently don't understand?
> I don't believe that Netscape claims to be some magic bullet that
> will suddenly make your system secure when you install it. We also
> don't claim that it will detect viruses.
You claim that you provide secure net access for the purposes of
transactions - which you don't - and you have gotten an enormous amount
of money from people who don't understand these issues based, at least
in part, on your false claims. Some people might interpret that as fraud.
Now instead of trying to insult and put down people who have legitimate
security concerns, you personally attack individuals, try to redirect the
discussion away from the security flaws in Netscape, and try to hush the
discussion with:
> Dont you think we've wasted enough bandwidth on this? I'm sure
> most readers of this list are sick of it by now.
I think that you should give a copy of this and the other messages on
this topic to someone at Netscape who is responsible for protection and
ask them to speak for the company and address these issues head on.
Regardless of your disclaimer, when you speak on the net, we hear
Netscape, and the sounds are starting to sound more and more like
Microsoft to me.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
Return to October 1995
Return to “Westcan1@softnc1.softnc.com (West Canadian Graphics)”