1995-10-18 - Postscript in Netscape

Header Data

From: fc@all.net (Dr. Frederick B. Cohen)
To: jsw@netscape.com (Jeff Weinstein)
Message Hash: 90aabcce64fd32413baec2be0f712a17f8325db37eb799fb3149a98c7aa7f6a3
Message ID: <9510181156.AA11525@all.net>
Reply To: <3084DD5B.4AD1@netscape.com>
UTC Datetime: 1995-10-18 11:59:14 UTC
Raw Date: Wed, 18 Oct 95 04:59:14 PDT

Raw message

From: fc@all.net (Dr. Frederick B. Cohen)
Date: Wed, 18 Oct 95 04:59:14 PDT
To: jsw@netscape.com (Jeff Weinstein)
Subject: Postscript in Netscape
In-Reply-To: <3084DD5B.4AD1@netscape.com>
Message-ID: <9510181156.AA11525@all.net>
MIME-Version: 1.0
Content-Type: text


Jeff Weinstein - Electronic Munitions Specialist Wrote:

...
>   If a user configures a postscript viewer that has not had the
> file operations disabled as a helper app to any web browser then
> they are opening themselves up for a world of hurt.  The same is
> true if they just download the file and run their viewer on it
> manually.  The same is true if they configure /bin/sh as an
> external viewer.
> 
>   Obviously everyone should heed perry's warnings and emasculate
> their postscript interpreters before using them to view files
> of unknown origin.

WRONG!!! Netscape claims to be "secure" - hence it is Netscape's job to
be secure - regardless of the user's use of their product.  Otherwise,
the ads should read:

	"Netscape can be used securely by sufficiently knowledgeable
	users who have emasculated their postscript interpreters before
	using them to view files of unknown origin, and who have removed
	all other known, unknown, and/or undisclosed security holes from
	their systems.  Otherwise, Netscape is insecure and should not be
	trusted."

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

Thread

• Return to October 1995

• Return to “fc@all.net (Dr. Frederick B. Cohen)”
• Return to ““J. R. Valverde (EMBL Outstation: the EBI)” <txomsy@ebi.ac.uk>”
• Return to “Jeff Weinstein <jsw@netscape.com>”
• Return to “Julius Cisek <jules@netscape.com>”
• Return to “Mats Bergstrom <asgaard@sos.sll.se>”
• Return to “Nesta Stubbs <nesta@cynico.com>”
• Return to “Phil Karlton <karlton@netscape.com>”
• Return to “s1018954@aix2.uottawa.ca”
• Return to “sameer <sameer@c2.org>”
• Return to “Simon Spero <ses@tipper.oit.unc.edu>”

• Return to “Westcan1@softnc1.softnc.com (West Canadian Graphics)”

• 1995-10-17 (Tue, 17 Oct 95 11:49:55 PDT) - Re: Netscape rewards are an insult - Westcan1@softnc1.softnc.com (West Canadian Graphics)
  • 1995-10-17 (Tue, 17 Oct 95 16:27:08 PDT) - Re: Netscape rewards are an insult - Jeff Weinstein <jsw@netscape.com>
  • 1995-10-18 (Tue, 17 Oct 95 20:39:40 PDT) - Re: Netscape rewards are an insult - Phil Karlton <karlton@netscape.com>
    • 1995-10-18 (Tue, 17 Oct 95 21:56:33 PDT) - Re: Netscape rewards are an insult - sameer <sameer@c2.org>
      • 1995-10-18 (Tue, 17 Oct 95 22:45:42 PDT) - Netscape whining virus, was Re: Netscape rewards are an insult - s1018954@aix2.uottawa.ca
        • 1995-10-18 (Wed, 18 Oct 95 03:05:38 PDT) - Re: Netscape whining virus - Mats Bergstrom <asgaard@sos.sll.se>
          • 1995-10-18 (Wed, 18 Oct 95 04:26:43 PDT) - Re: Netscape whining virus - s1018954@aix2.uottawa.ca
      • 1995-10-18 (Wed, 18 Oct 95 02:42:06 PDT) - The Anonymous Bounty Claim - Mats Bergstrom <asgaard@sos.sll.se>
      • 1995-10-18 (Wed, 18 Oct 95 04:00:28 PDT) - Re: The Anonymous Bounty Claim - Jeff Weinstein <jsw@netscape.com>
        • 1995-10-18 (Wed, 18 Oct 95 04:59:14 PDT) - Postscript in Netscape - fc@all.net (Dr. Frederick B. Cohen)
          • 1995-10-18 (Wed, 18 Oct 95 05:26:48 PDT) - Re: Postscript in Netscape - Jeff Weinstein <jsw@netscape.com>
            • 1995-10-18 (Wed, 18 Oct 95 05:35:41 PDT) - Re: Postscript in Netscape - fc@all.net (Dr. Frederick B. Cohen)
              • 1995-10-18 (Wed, 18 Oct 95 05:49:32 PDT) - Re: Postscript in Netscape - Jeff Weinstein <jsw@netscape.com>
              • 1995-10-18 (Wed, 18 Oct 95 06:53:43 PDT) - Re: Postscript in Netscape - Nesta Stubbs <nesta@cynico.com>
              • 1995-10-18 (Wed, 18 Oct 95 08:45:23 PDT) - Re: Postscript in Netscape - sameer <sameer@c2.org>
              • 1995-10-18 (Wed, 18 Oct 95 09:38:17 PDT) - Re: Postscript in Netscape - Simon Spero <ses@tipper.oit.unc.edu>
            • 1995-10-18 (Wed, 18 Oct 95 08:41:38 PDT) - Re: Postscript in Netscape - sameer <sameer@c2.org>
          • 1995-10-18 (Wed, 18 Oct 95 05:43:06 PDT) - Re: Postscript in Netscape - “J. R. Valverde (EMBL Outstation: the EBI)” <txomsy@ebi.ac.uk>
          • 1995-10-18 (Wed, 18 Oct 95 06:46:41 PDT) - Re: Postscript in Netscape - Nesta Stubbs <nesta@cynico.com>
        • 1995-10-19 (Wed, 18 Oct 95 18:49:59 PDT) - Re: Postscript in Netscape - Julius Cisek <jules@netscape.com>
          • 1995-10-19 (Wed, 18 Oct 95 19:35:07 PDT) - [NOISE] Re: Postscript in Netscape - fc@all.net (Dr. Frederick B. Cohen)
          • 1995-10-19 (Wed, 18 Oct 95 23:13:37 PDT) - Re: [NOISE] Re: Postscript in Netscape - Jeff Weinstein <jsw@netscape.com>
            • 1995-10-19 (Thu, 19 Oct 95 02:46:37 PDT) - Re: [NOISE] Re: Postscript in Netscape - fc@all.net (Dr. Frederick B. Cohen)