From: fc@all.net (Dr. Frederick B. Cohen)
To: mrm@netcom.com (Marianne Mueller)
Message Hash: 2efc99864f39e456ce7bff9fba6045345bf4af93af3bf5a8292c81dfa36ebd82
Message ID: <9511162108.AA08466@all.net>
Reply To: <199511161933.LAA18504@netcom20.netcom.com>
UTC Datetime: 1995-11-17 00:23:04 UTC
Raw Date: Fri, 17 Nov 1995 08:23:04 +0800
Subject: Re: Java & Netscape security (reply to misc. postings)
> 3. Postscript considered dangerous: (insert-smiley)
>
> As for the question of someone invoking a postscript interpreter via a
> browser and thus opening up their system to some rogue postscript
> file: I think it would be great if either of these two things were to
> magically happen:
>
> 1) people would stop putting postscript docs on web pages
> because it's the wrong technology for WWW - it wastes
> bandwidth - it's hard to view & hence often ugly - everyone
> just prints it out anyway and then complains because there
> is no one "standard" implementation of postscript printing
> worldwide and there are dozens of minor problems
>
> 2) someone could implement a secure postscript previewer
> (whatever that means!)
>
> I doubt either of those two things will happen. The average Jo on the
> internet needs to understand that when s/he downloads binary files
> over the internet and runs them from insecure programs on their local
> computer, well, s/he runs some risk. This risk might be tiny, but
> it's impossible to quantify loss. If I lose a poem that I'm writing,
> to me that's priceless, so I do not intend to imply that loss of data
> isn't tragic for the person who loses it. If you have data you can't
> bear to lose, be sure to practice safe computing. Perform backups
> regularly, and use judgement about which interpreters and executable
> programs you allow to run on your PC.
>
> Marianne
It seems clear from this that Netscape, or at least Marianne who seems
to speak for Netscape, doesn't understand the protection issues that my
clients face. I will nevertheless forward this official Netscape line
to them so they can better understand why I tell them it is insecure.
--
-> See: Info-Sec Heaven at URL http://all.net/
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236