1995-10-18 - Re: Netscape rewards are an insult

Header Data

From: Phil Karlton <karlton@netscape.com>
To: cypherpunks@toad.com
Message Hash: f58cda4e148e1803ed2dd9b2e5028c947c7444e2d452ea6404845c7696d154a1
Message ID: <308476FF.7815@netscape.com>
Reply To: <9510171851.AA13486@softnc.com>
UTC Datetime: 1995-10-18 03:39:40 UTC
Raw Date: Tue, 17 Oct 95 20:39:40 PDT

Raw message

From: Phil Karlton <karlton@netscape.com>
Date: Tue, 17 Oct 95 20:39:40 PDT
To: cypherpunks@toad.com
Subject: Re: Netscape rewards are an insult
In-Reply-To: <9510171851.AA13486@softnc.com>
Message-ID: <308476FF.7815@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


> Is Jeff or any of the other Netscape posters here officially??

I speak for myself. I am not an official Netscape spokescritter, and
have no desire to be one.

> Or are they here, just out of personal curiosity (without their employer's
> knowledge, I mean ...) cause they have a whole lot of spare time on their
> hands to learn about cryptography and security.

I don't have a lot of spare time, but I do consider reading the
messages going to cypherpunks as part of my job. (Well at least some
of each message. :-)

> I wish one of them (or Netscape) would make an official comment to make
> sure that the record is straight, and that there is no mis-reporting.

On what topic?

>         - Netscape has known about this problem since last week's
>           scathing public attack and demonstration of the problem
>           which included sample code posted to the Internet??

I am not quite sure what problem you are talking about? NFS and MITM
ftp attacks?

>         - If you run and use a Netscape client, that any machine
>           anywhere in the world if it's on the Net could retrieve
>           all of the files off of your hard drive or LAN??
> 
>           Or even worse ... erase files on your Hard drive and
>           wipe you out??

Can you expand on this? I am not aware that any of the executables
we have shipped do this. If you get a compromised version of any
program (i.e. one that some attacker has changed) then that changed
version will do whatever the attacker has built it to do. This is not
a Netscape specific issue.

>         - Even if your machine is behind a firewall or proxy server,
>           that there is no protection??  That you can't do anything??

Firewalls and proxies help against many attacks. Without knowing
which one you mean, it's impossible to respond intelligently. (In
particular I know of no sites that allow NFS packets to cross a
firewall boundary.)

PK
--
Philip L. Karlton			karlton@netscape.com
Principal Curmudgeon			http://www.netscape.com/people/karlton
Netscape Communications Corporation




