Is Jeff or any of the other netscape posters here officially??
I speak for myself. I am not an official Netscape spokescritter, and have no desires to be one.
Or are they here, just out of personal curiosity (without their employers knowledge, I mean ...) cause they have a whole lot of spare time on their hands to learn about cryptography and security.
I don't have a lot of spare time, but I do consider reading the messages going to cypherpunks as part of my job. (Well at least some of each message. :-)
I wish one of them (or Netscape) would make an official comment to make sure that the record is straight, and that there is no mis-reporting.
On what topic?
- Netscape has known about this problem since last week's scathing public attack and demonstration of the problem which included sample code posted to the Internet??
I am not quite sure what problem you are talking about? NFS and MITM ftp attacks?
- If you run and use a Netscape client, that any machine anywhere in the world if it's on the Net could retrieve all of the files off of your hard drive or LAN??
Or even worse ... erase files on your Hard drive and wipe you out??
Can you expand on this? I am not aware that any of the executables we have shipped do this. If you get a compromised version of any program (i.e. one that some attacker has changed) then that changed version will do whatever the attacker has built it to do. This is not a Netscape specific issue.
- Even if your machine is behind a firewall or proxy server, that there is no protection?? That you can't do anything??
Firewalls and proxies help against many attacks. Without knowing which one you mean, it's impossible to respond intelligently. (In particular I know of no sites that allow NFS packets to cross a firewall boundary.) PK -- Philip L. Karlton karlton@netscape.com Principal Curmudgeon http://www.netscape.com/people/karlton Netscape Communications Corporation