Robert Hettinga wrote:
All this reminds me of something Tim May, Eric Hughes, and others have said before. Once you've gotten to the point where loss of security equals, in a very literal sense, loss of money, the incentive to publicize any given security hole starts to go away.
The Netscape PR department is no doubt preparing to spin the "bug fix" into a "major update." The fact of the matter is, the software does exactly what it was designed to do. The fact that those who are "out of the loop" found out how to use that designed feature does not make it a "bug." When the list got spammed with email from 10,000 Laker fans named "Bubba," I blasted plaidworks.com for their rudeness in trying to place all the blame on "hackers" when the fact was that they left their system wide open to abuse for the sake of convenience and profit. Similarly, the government and corporations want systems designed to allow them access to all available information passing through the internet system and then cry "abuse" or "security bug" when individuals discover how to use the design to their advantage. Calling the Netscape feature a "bug" merely serves to draw attention away from the fact that the software was intentionally designed in order to facilitate snooping (ala Clipper chip?) and that indicates that there have been people who have known how to take advantage of the feature since its implementation. Do the people who instituted the design and development of this snooping feature all have "Good Guy" stamped on their forhead? Sure they do... TruthMonger