1995-11-17 - Re: Java & Netscape security (reply to misc. postings)

Header Data

From: cjs@netcom.com (cjs)
To: fc@all.net (Dr. Frederick B. Cohen)
Message Hash: 02dcf8c3e84f005cc8d1acf62cf6e41ac455aafffa826f7270e660c80ab6cb3d
Message ID: <199511170156.RAA17754@netcom20.netcom.com>
Reply To: <9511162108.AA08466@all.net>
UTC Datetime: 1995-11-17 03:25:40 UTC
Raw Date: Fri, 17 Nov 1995 11:25:40 +0800

Raw message

From: cjs@netcom.com (cjs)
Date: Fri, 17 Nov 1995 11:25:40 +0800
To: fc@all.net (Dr. Frederick B. Cohen)
Subject: Re: Java & Netscape security (reply to misc. postings)
In-Reply-To: <9511162108.AA08466@all.net>
Message-ID: <199511170156.RAA17754@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I keep telling you people.. if you keep giving Fred the attention, he
is never going to go away. Its blindingly obvious that he doesn't know
his ass from a hole in the ground, but if you keep telling him that,
its just going to encourage to post more, post more frequently, and
make a bigger fool of himself then he already has. Just ignore
everything he says. Make a proc-mail script to send his mails to
/dev/null or sends them through the text-to-hick filter. But whatever
you do, do *not* send him money, do *not* feed him, and *never* *ever*
no matter how much he begs, nt matter how much he pleads, *NEVER*
reply to this man's messages.

We need one of those little posters like the "Do not takes checks from
this man" ones in the grocery store.

Christopher

> > 3.  Postscript considered dangerous:   (insert-smiley) 
> > 
> > As for the question of someone invoking a postscript interpreter via a
> > browser and thus opening up their system to some rogue postscript
> > file: I think it would be great if either of these two things were to
> > magically happen:
> > 
> > 	1) people would stop putting postscript docs on web pages
> > 	because it's the wrong technology for WWW - it wastes
> > 	bandwidth - it's hard to view & hence often ugly - everyone
> > 	just prints it out anyway and then complains because there
> > 	is no one "standard" implementation of postscript printing
> > 	worldwide and there are dozens of minor problems
> > 
> > 	2) someone could implement a secure postscript previewer
> > 	(whatever that means!) 
> > 
> > I doubt either of those two things will happen.  The average Jo on the
> > internet needs to understand that when s/he downloads binary files
> > over the internet and run them from insecure programs on their local
> > computer, well, s/he runs some risk.  This risk might be tiny, but
> > it's impossible to quantify loss.  If I lose a poem that I'm writing,
> > to me that's priceless, so I do not intend to imply that loss of data
> > isn't tragic for the person who loses it.  If you have data you can't
> > bear to lose, be sure to practice safe computing.  Perform backups
> > regularly, and use judgement about which interpreters and executable
> > programs you allow to run on your PC.
> > 
> > Marianne
> 
> It seems clear from this that Netscape, or at least Marianne who seems
> to speak for Netscpe, doesn't understand the protection issues that my
> clients face.  I will nevertheless forward this official Netscape line
> to them so they can better understand why I tell them it is insecure.
> 
> -- 
> -> See: Info-Sec Heaven at URL http://all.net/
> Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236







Thread