1996-12-12 - Re: NEWS: Web Security Hole Revealed

Header Data

From: ichudov@algebra.com (Igor Chudov @ home)
To: rah@shipwright.com (Robert Hettinga)
Message Hash: 67fd290b473e011652d62a83d350da94e2cbf6c7abdc43cc4e2fb633213b4d8d
Message ID: <199612120546.XAA05186@manifold.algebra.com>
Reply To: <v0300784baed5373421d5@[206.119.69.46]>
UTC Datetime: 1996-12-12 05:50:37 UTC
Raw Date: Wed, 11 Dec 1996 21:50:37 -0800 (PST)

Raw message

From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 21:50:37 -0800 (PST)
To: rah@shipwright.com (Robert Hettinga)
Subject: Re: NEWS: Web Security Hole Revealed
In-Reply-To: <v0300784baed5373421d5@[206.119.69.46]>
Message-ID: <199612120546.XAA05186@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


does anyone know how to crash Microsoft IIS (MS webserver)?

many thanks

igor

Robert Hettinga wrote:
> 
> 
> --- begin forwarded text
> 
> 
> X-Sender: okeefe@olympus.net
> Mime-Version: 1.0
> Date: Wed, 11 Dec 1996 19:32:32 -0800
> To: N E W S   R E L E A S E  <IPS@olympus.net>
> From: "Steve O'Keefe" <IPS@olympus.net>
> Subject: NEWS: Web Security Hole Revealed
> 
> BREAKING NEWS
> For Release Thursday, December 12, 1996
> 
> MAJOR  WEB  SECURITY  FLAW  REVEALED
> 
> (New York) -- Edward Felten, head of Princeton University's
> Safe Internet Programming Team (SIP), today revealed a
> major security flaw in the Internet's World Wide Web.
> Called "web spoofing," the breach allows any Internet
> server to place itself between a user and the rest of the
> web. In that middle position, the server may observe, steal
> and alter any information passing between the unfortunate
> browser and the web.
> 
> All major web browsers are vulnerable to web spoofing,
> including Netscape Navigator and Microsoft Internet
> Explorer. Using web spoofing, a person can acquire
> passwords, credit card numbers, account numbers, and other
> private information, even if transmitted over an apparently
> secure connection.
> 
> The Boston Globe published an article about Felten's
> findings in this morning's "Plugged In" column. The story
> was written by Simson Garfinkel, technology columnist for
> HotWired's "Packet" news service. The complete story can be
> found at the following URL:
> 
> http://www.boston.com/globe/glohome.shtml
> 
> Felten will be demonstrating web spoofing TODAY, Thursday,
> December 12, at the Internet World expo at the Jacob K.
> Javits Convention Center in New York City. The
> demonstration will be held at the Wiley Computer Publishing
> Booth (#822) at 2:00 pm Eastern Time.
> 
> The web flaw is just the latest in a series of major
> Internet security problems uncovered by Felten and his
> team. Felten documents some of these problems in his new
> book, "Java Security: Hostile Applets, Holes, and
> Antidotes" to be published in January by Wiley Computer
> Publishing. For an advance review copy of the book, simply
> reply to this e-mail. For further information, please
> contact:
> 
> Edward Felten: felten@cs.princeton.edu
> (917) 972-3693 (cellular phone at Internet World)
> (609) 258-5906 (Princeton University)
> 
> Jeffrey DeMarrais: jdemarra@wiley.com
> Wiley Computer Publishing
> (212) 850-6630 (review copies, interviews)
> 
> Java Security Web Site:
> http://www.rstcorp.com/java-security.html
> 
> Safe Internet Programming Web Site:
> http://www.cs.princeton.edu/sip/
> 
> --- end forwarded text
> 
> 
> 
> -----------------
> Robert Hettinga (rah@shipwright.com)
> e$, 44 Farquhar Street, Boston, MA 02131 USA
> "The cost of anything is the foregone alternative" -- Walter Johnson
> The e$ Home Page: http://www.vmeng.com/rah/
> 
> 



	- Igor.





Thread