In article <DGq01x.ADx@sgi.sgi.com>, Aleph One <aleph1@dfw.net> writes:
On Thu, 19 Oct 1995 anonymous-remailer@shell.portal.com wrote:
NETSCAPE CLIENT APIS (NCAPIS) 2.0
Generally, we don't routinely trust every other computer, foreign or domestic on the Internet to manipulate us by remote control. This is as basic as the idea that we don't give out our PIN numbers with our banking cards to anyone who asks us.
Have you actually read the stuff? The NCAPIS is not on by default. You *must* enable it by tellling it to which port to listen on. Further more Mosaic had a remote control API before Netscape did.
They can also be used only from the local machine on Windows or from any machine your X server trusts on Unix. Unless the attacker can control what software is installed on the target system, there's no way for him to use this to his advantage. Of course, there's always the possibility of exploting bugs, but that's not a "flawed algorithm". -- Sure we spend a lot of money, but that doesn't mean | Tom Weinstein we *do* anything. -- Washington DC motto | tomw@engr.sgi.com