From: tomw@orac.engr.sgi.com (Tom Weinstein)
Date: Fri, 20 Oct 95 05:50:20 PDT
To: cypherpunks@toad.com
Subject: Re: Netscape rewards are an insult
In-Reply-To: <DGq01x.ADx@sgi.sgi.com>
Message-ID: <199510201250.FAA15055@orac.engr.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <DGq01x.ADx@sgi.sgi.com>, Aleph One <aleph1@dfw.net> writes:
> On Thu, 19 Oct 1995 anonymous-remailer@shell.portal.com wrote:

>> >   NETSCAPE CLIENT APIS (NCAPIS) 2.0

>> Generally, we don't routinely trust every other computer, foreign or 
>> domestic on the Internet to manipulate us by remote control.  This is
>> as basic as the idea that we don't give out our PIN numbers with our 
>> banking cards to anyone who asks us.  

> Have you actually read the stuff? The NCAPIS is not on by default.
> You *must* enable it by tellling it to which port to listen on.
> Further more Mosaic had a remote control API before Netscape did.

They can also be used only from the local machine on Windows or from any
machine your X server trusts on Unix.  Unless the attacker can control
what software is installed on the target system, there's no way for him
to use this to his advantage.  Of course, there's always the possibility
of exploting bugs, but that's not a "flawed algorithm".

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@engr.sgi.com