In article <199509250649.CAA27099@clark.net>, rjc@clark.net (Ray Cromwell) writes:
I'm thinking from the standpoint of someone gathering data on someone or some server to mount a specific attack. a "most common directories on the macintosh" file for instance could be used to attack the current directory method.
Using those sources probably can't hurt, they just seemed like odd choices, "grasping for straws" so to speak.
I'd rather think of it as a "kitchen sink" approach :-). We are looking for bits wherever we can find them. We are not experts in the internals of all of our supported systems, so any suggestions people could provide for more high quality sources on specific systems would be appreciated.
Nevertheless, I would like to commend Netscape for releasing the source code for public review. You guys are clearly an intelligent company, in both your current developments, but also the way you have handled this bad press.
I'd like to add that management has been very supportive of this idea. Barksdale was in the cellular industry when their security through obscurity measures failed, so he knew exactly what we were talking about.
p.s. i hope you guys do a good internal review of your code to remove buffer overflow bugs
We have had code reviews. We will be fixing several of this sort of bug in the upcoming patch. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.