1997-06-13 - Netscape Security Flaw is a Feature
Header Data
From: Tim May <tcmay@got.net>
To: cypherpunks@cyberpass.net
Message Hash: fcd3e10959a7519bf14f2179f8390c0a40196c38970f2ce6b75c5ca1087cf131
Message ID: <v03102802afc67bb040fb@[207.167.93.63]>
Reply To: N/A
UTC Datetime: 1997-06-13 04:39:49 UTC
Raw Date: Fri, 13 Jun 1997 12:39:49 +0800
Raw message
From: Tim May <tcmay@got.net>
Date: Fri, 13 Jun 1997 12:39:49 +0800
To: cypherpunks@cyberpass.net
Subject: Netscape Security Flaw is a Feature
Message-ID: <v03102802afc67bb040fb@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain
Many of us have been watching the CNN reports--headline reports at
that--that all past and current versions of Netscape on all platforms have
reportedly carried the bug that allows any Web site being hit by Netscape
to examine files on the user's hard disk.
(A demonstration by the Danish team was compelling. CNN-FN generated a text
file, placed it on their hard disk, and accessed the Danish site. Moments
later, the Danes read back the text file. Over and over for more examples.
They _could have been_ the NSA Web site, and the files could have been
history files, passphrase files, etc. History files are common, and give
captured kestrokes, of course.)
But how could such a massive, massive flaw have gone undiscovered for so long?
The answer, "It's a feature, not a bug."
According to Netscape spokesmen, this feature was added to the kernel of
Mosaic, then Navigator, in 1993, as part of the Clipper Key Recovery
Program. As James Clarke put it an interview tonight on MSNBC, "Dorothy
Denning asked us to insert the "remote read" capabilities to ensure that
the legitimate needs of law enforcement are met. No person cruising the Web
has any expectation of privacy, as even Declan McCullagh has pointed out."
Marc Rotenberg commented, "Privacy at the individual user level is
unimportant, just so long as a Privacy Ombudsman can decide on the
legitimate needs of law enforcement."
Meanwhile, Microsoft has acknowledge that all lines to its Redmond site are
clogged by people dumping Navigator and trying to download Explorer.
--Tim May
There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^1398269 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
Thread
Return to June 1997
- Return to “Bill Stewart <stewarts@ix.netcom.com>”
- Return to “Declan McCullagh <declan@pathfinder.com>”
- Return to “Kris Carlier <root@iguana.be>”
- Return to “Marc Rotenberg <rotenberg@epic.org>”
Return to “Tim May <tcmay@got.net>”
- 1997-06-13 (Fri, 13 Jun 1997 12:39:49 +0800) - Netscape Security Flaw is a Feature - Tim May <tcmay@got.net>
- 1997-06-13 (Fri, 13 Jun 1997 22:49:55 +0800) - Re: Netscape Security Flaw is a Feature - Marc Rotenberg <rotenberg@epic.org>
- 1997-06-13 (Fri, 13 Jun 1997 23:37:02 +0800) - Re: Netscape Security Flaw is a Feature - Bill Stewart <stewarts@ix.netcom.com>
- 1997-06-13 (Sat, 14 Jun 1997 01:15:58 +0800) - Re: Netscape Security Flaw is a Feature - Declan McCullagh <declan@pathfinder.com>
- 1997-06-13 (Sat, 14 Jun 1997 01:27:18 +0800) - Re: Netscape Security Flaw is a Feature - Tim May <tcmay@got.net>
- 1997-06-13 (Sat, 14 Jun 1997 05:42:40 +0800) - Re: Netscape Security Flaw is a Feature - Kris Carlier <root@iguana.be>
- 1997-06-14 (Sat, 14 Jun 1997 09:56:32 +0800) - Re: Netscape Security Flaw is a Feature - Tim May <tcmay@got.net>