From: Robert Hettinga <rah@shipwright.com>
To: cypherpunks@toad.com
Message Hash: 6dc44947f9e6f021150c2d0a921b9776b9319b1cbc4cfad2b5d2c29c9f4652a3
Message ID: <v030209a4afcb8c31bbc6@[139.167.130.246]>
Reply To: N/A
UTC Datetime: 1997-06-17 02:55:50 UTC
Raw Date: Tue, 17 Jun 1997 10:55:50 +0800
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 17 Jun 1997 10:55:50 +0800
To: cypherpunks@toad.com
Subject: More about Netscape Bug finder
Message-ID: <v030209a4afcb8c31bbc6@[139.167.130.246]>
MIME-Version: 1.0
Content-Type: text/plain
--- begin forwarded text
Date: Mon, 16 Jun 1997 18:24:32 -0500
From: Bill GL Stafford <springco@arn.net>
Organization: Spring Management Company
MIME-Version: 1.0
To: "dcsb@ai.mit.edu" <dcsb@ai.mit.edu>
Subject: More about Netscape Bug finder
X-Priority: 3 (Normal)
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: Bill GL Stafford <springco@arn.net>
Christian Orellana gambled $1000 and lost. Not the worst thing he could
have done. Now the world knows how Netscape approaches a potential
crisis. They did not panic although they may have come close to it. I've
seen that much lost in a cloak room with a pot not near as big as Christian
sought. Any way you look at it, it's just a roll of the dice.
Bill GL Stafford
springco@arn.net
Wired Magazine on web
An Email Trail from Bug Spotter to
Netscape
6:01pm 13.Jun.97.PDT The following is a copy of the
email exchange between Netscape officials and
Christian Orellana, the Danish consultant who
found the Netscape Navigator bug. A copy of the
text was provided to Wired News by Netscape and
appears unedited. Wired News has chosen not to
publish Orellana's email address.
Subject: Major security bug in Netscape
Navigator 3 and 4
Date: Mon, 9 Jun 1997 19:19:13 +0200
From: Christian Orellana
To: stracy@netscape.com
Hello!
We have discovered a major security bug in
Netscape Navigator 3.0, which remains uncorrected
in the new Communicator release. The bug affects
Navigator running on all platforms in the standard
configuration.
The bug allows access to any file on the clients file
system, and does not affect Microsoft Internet
Explorer.
This bug is potentially very interesting to Netscape
considering that the new release of Navigator is due
in just three days.
The bug has not previously been reported, and
remains unknown to anyone but us (to the best of our
knowledge). Please get back to us a.s.a.p. (before
Netscape DevCon) if this knowledge is of any interest
to you. You can reach me at the phone number
below.
I have tried to reach Netscape for a while now, and if
Netscape remains uninterested in the issue I may
contact some other interested parties.
Yours sincerely,
Christian Orellans [sic]
---
Subject: Please confirm
Date: Mon, 9 Jun 1997 20:14:08 +0200
From: Christian Orellana
To: stracy@netscape.com
Hello!
Could you please confirm that you have received my
previous letter.
Also I would like to restate my claim that this is of the
utmost importance for the upcoming launch of
Communicator. The bug allows complete read access
to the clients hard disk.
Christian Orellana.
---
Subject: Re: [Fwd: Major security bug in
Netscape Navigator 3 and 4]
Date: Mon, 09 Jun 1997 11:51:04 -0700
From: edithg@netscape.com (Edith Gong)
Organization: Netscape Communications
To: Shannon Tracy, lalam@netscape.com
References:
<339C3C32.FE3F5683@netscape.com>
Shannon,
I don't know what else to do. Can someone in DSE
contact this person to get the details by phone. We
can't investigate until we understand what the issue is.
I'll see if someone in tech support can contact the
customer
Edith
---
Subject: Re: Please confirm
Date: Mon, 09 Jun 1997 12:00:03 -0700
From: Shannon Tracy
Organization: Netscape Communications
To: Christian Orellana
References:
Dear Christian Orellana:
Yes, I received your message. The project manager
just responded that they are trying to find someone to
contact you, however, we can't investigate until we
understand what the issue is. Can you please furnish
a few additional details so that we know who best
might be able to handle this situation?
Thanks,
Shannon Tracy
---
Subject: Re: Please confirm
Date: Mon, 9 Jun 1997 21:11:44 +0200
From: Christian Orellana
To: stracy@netscape.com (Shannon Tracy)
References:
Dear Shannon.
In short the first version of the bug I had up and
running allowed me to get any file whose path I knew
on the clients hard disk. I just got another version up
and running, and considering that the location of
quite a few files on a typical windows/mac/unix
installation is pretty well known, it should be no
surprise that this new version can actually scan the
clients harddisk for specific files, and download them.
I can not reveal much more detail, without giving
away the bug, which I will not do, since I think this
information is so valuable to Netscape that it should
be worth a good deal of money. The information is
certainly worth a bit on the free market, and I am
currently awaiting responses from other parties.
In other words I think the person most suited for
handling this, is someone in charge of the company
check book (-;
Regards - Christian
---
Subject: final note on Navigator bug
Date: Mon, 9 Jun 1997 23:07:59 +0200
From: Christian Orellana
To: stracy@netscape.com (Shannon Tracy)
Netscape:
I think my approach to you on this subject has been
fair and serious. I am offering you a piece of
information that I consider of very high value. The
implications of the bug mentioned in previous emails
are immense.
Considering the widespread use of home-banking
software, not to mention the impact on multiuser
systems in the government and corporate sector, like
unix and NT environments, where access to the
encrypted password-files would render the systems
extremely vulnerable, I think all pre Communicator
versions of Navigator (supposing you fix the bug in
Communicator) would be pretty useless. I will leave it
to you to estimate what impact that would have on
Netscape stocks.
I have to inform you that David Gross at CNN is on
hold with the news, and is only waiting for me to give
him the final demonstration, to verify the bug.
I must also inform you that CNN is not the only
interested party, and that I will consider my options
once I get Netscape's standpoint on the matter.
I would be more than happy to give a demonstration
of the bug, under controlled circumstances, but we
would have to sign some sort of agreement first.
Regards, Christian Orellana.
---
Subject: Re: [Fwd: Major security bug in
Netscape Navigator 3 and 4]
Date: Thu, 12 Jun 1997 16:40:33 -0700
From: chrish@netscape.com (Chris Holten)
Organization: Netscape Communications
To: chrish@netscape.com
References: 1
Subject: Major security bug in Netscape
Navigator 3 and 4
Date: Mon, 9 Jun 1997 19:19:13 +0200
From: Christian Orellana
To: stracy@netscape.com
Hello!
We have discovered a major security bug in
Netscape Navigator 3.0, which remains uncorrected
in the new Communicator release. The bug affects
Navigator running on all platforms in the standard
configuration. The bug allows access to any file on
the clients file system, and does not affect Microsoft
Internet Explorer.
This bug is potentially very interesting to Netscape
considering that the new release of Navigator is due
in just three days.
The bug has not previously been reported, and
remains unknown to anyone but us (to the best of our
knowledge).
Please get back to us a.s.a.p. (before Netscape
DevCon) if this knowledge is of any interest to you.
You can reach me at the phone number below.
I have tried to reach Netscape for a while now, and if
Netscape remains uninterested in the issue I may
contact some other interested parties.
Yours sincerely,
Christian Orellans
---
Subject: Please confirm
Date: Mon, 9 Jun 1997 20:14:08 +0200
From: Christian Orellana
To: stracy@netscape.com
Hello!
Could you please confirm that you have received my
previous letter.
Also I would like to restate my claim that this is of the
utmost importance for the upcoming launch of
Communicator. The bug allows complete read access
to the clients hard disk.
Christian Orellana.
--- end forwarded text
-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/