Re: [NOISE] Re: Postscript in Netscape
fc@all.net (Dr. Frederick B. Cohen) wrote:
The point I have been trying to make that many on this list seem to ignore again and again, is that Netscape makes the security claims. If you don't provide effective protection, don't make the claim. If you want to make the claim back it up with something other than media hype.
We are working on clarifying our security claims. Here is an example from the San Jose Mercury news on Aug. 17, 1995:
"We have said for a long time that given the right amount of computer power, that a 40-bit key encrypted message could be decrypted," said Mike Homer, Netscape's vice president of marketing.
"We" - I take it you are now speaking officially for Netscape? So how come Netscape doesn't even know how about Integrity shells and yet claims to be able to design secure systems for money transfers?
<flame=on> Give it a rest, Doc. You give all the rest of us Ph.D.'s a bad rep with this crap. Of course, if you went to that 4-year vocational school to get an M.D., I guess that's understandable. If you are so illiterate that you can't read the ascription (it says right up there, "said Mike Homer, Netscape's vice president of marketing"), then why do you (a) waste bandwidth and our time to go through this drivel, and (b) flame one Netscape employee for not knowing everything you know? If there are all of 5+ refereed publications in this area, how about giving references? It would take up less space than your recurring venom eruption! Or couldn't you understand the papers, given that you couldn't understand the news clip... <flame=off> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQENAzACleQAAAEH/2+41W3bZPuWU1gv6A0bq3a57bgCiCAbU1QY41f+NI1I8i/+ a/L314RIpCR0iCZhsNMHNI9rVovsbmOQE4Cf9YYL3cClUoE2VAsLOi9LAjlN8qYc kmAqpsGQ39eaKrnlC/0lxJtFZgypT4m9UIsTU986y3gyy+ZTWwxtbDaLBEdsTiH/ e+zosoBiXmwWYY1n+5yvaKLGMUwa20AKdoRCUgqhJQpkW0nAvItU6WhaqxwH6JXp KCNsuP6k8FBmcKZfSSvUphSOIJnARAq9K9UPhj5BeAy1vKZ416jfgeYQUTxHQOMT rTiQOYR/oAR35gBpGYg6p1lu6Ma5eDPtpBPadUUABRG0IFBhdHJpY2sgTGFtYiA8 cGRsYW1iQGlxdWVzdC5jb20+ =DZzp -----END PGP PUBLIC KEY BLOCK-----
...
(b) flame one Netscape employee for not knowing everything you know? If there are all of 5+ refereed publications in this area, how about giving references? It would take up less space than your recurring venom eruption! Or couldn't you understand the papers, given that you couldn't understand the news clip...
I tried to take this discussion off line with the Netscape employee, but he brought it back by CCing the list. The references are available on my W3 server (see the URL below) and searchable along with 350+ other references on information security, most of them annotated. In terms of taking up space, your replies to the list take up space as well. If you want me to list references for you, send me email without CCing the rest of the list, and I will send you more than you are likely to want to read. The people at Netscape STILL have not told those of us on the list what is meant by "security" in their claims. Does it include integrity? Confidentiality? Availabillity? Reduced liability? Something else? I await an responsive answer. -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
I belive you have been told *SAVERAL* times you *WONT* get an answer on this list, and to contact their PR department. Why dont you do us all a favor. Contact the PR department if this questions really burns you so much. Get an answer. And post it on the list. Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 On Thu, 19 Oct 1995, Dr. Frederick B. Cohen wrote:
The people at Netscape STILL have not told those of us on the list what is meant by "security" in their claims. Does it include integrity? Confidentiality? Availabillity? Reduced liability? Something else? I await an responsive answer.
I belive you have been told *SAVERAL* times you *WONT* get an answer on this list, and to contact their PR department. Why dont you do us all a favor. Contact the PR department if this questions really burns you so much. Get an answer. And post it on the list.
So the PR department defines security at Netscape? -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
== Dr. Frederick B. Cohen once spoke... == So the PR department defines security at Netscape? perhaps not. however, i would bet that the PR dept. at Netscape could answer your questions. have you even *attempted* to contact Netscape directly? or are your questions merely rhetorical ramblings? regards, --robert -- o robert owen thomas: unix consultant. cymro ydw i. user scratching post. o o e-mail: Robert.Thomas@pamd.cig.mot.com --or-- robt@cymru.com o o vox: 708.435.7076 fax: 708.435.7360 o o "When I die, I want to go sleeping like my grandfather... o o Not screaming like the passengers in his car." o
AlephOne writes: # I belive you have been told *SAVERAL* times you *WONT* get an answer # on this list, and to contact their PR department. Dr. Frederick B. Cohen writes:
So the PR department defines security at Netscape?
I expect that the PR department defines Netscape's official position on the definition of security at Netscape. Are you not interested in Netscape's official position ? -Futplex <futplex@pseudonym.com>
Man oh man oh man... <Here> - <We> - <Go> - <A!Gain>... Rather than plague everyone with separate haranges for each of numberous messages about two separate obnoxious nusanse threads going on here - I've combined several messages together. I think I have kept the attributions straight. I've tried to add attributions where missing based on the "In-Reply-To:" headers. If I screwed anything up - sorry, I tried... It is long and contains history from another mailing list haunt. ************************************************** * WARNING - Category 5 Ad Hominem Attack on Full * * Afterburners dead ahead! * * * * Hit delete NOW if not interest! * * * * You have been warned! * ************************************************** <FLAME><STRONG><FIRE IN DA HOLE!> To quote a line from one of the "Nightmare on Elm Street" slasher flicks - "Freddie's Back!" There are several individuals on this list that I believe I recognize from the firewalls list. Those individuals are most likely already familiar with most of what I'm about to relate. Forgive me with dredging up old news in a new forum. "Dr." Frederick B. Cohen was a frequent contributer to the firewalls mailing list. Many of his contributions were ill researched and he often took great offense when anyone questioned one of his postings. Out of the thousands of contributers I've read from literally dozens and dozens of high volume lists I subscribe to, this is the only character I know who puts a "Dr" in his address. There are degrees floating all over the place out here (even got a couple myself - so what?). He appears to be the only one who seems to need this annointed authority to back his words. He may not realize that to some of us, waving a degree around like that, is a red letter warning to check everything he's preaching and that he's probably more full of shit than a christmas goose (his words tend to confirm that impression). He got into several disputes with some of the other lurkers on the firewalls list, including the moderator, Brent Chapman. Several of us got into debates, some on line, some off line, as to whether he was: 1) Really that ignorant and arrogant. 2) Baiting people because that's how he got his jollies. 3) Looking for any excuse to push his Info-Sec ad-signature. Many of us were of the opinion that it could have been a combination of all three but #3 was the decided front runner. Whatever his degree - the phrase "educated above and beyond his intellegence" comes to mind when I read one of his posts. Ill informed, opinionated, arrogant, and seemingly obsessed with his self worth are other terms. He developed a reputation about pontificating about things which he seemed to have little knowledge but to which he seemed to consider himself an authority on. He seem to have little interest in researching a topic before shooting his mouth off, and seemed to feel that his "Dr." conveyed some sort of infalibility on his opinions, turning opionion into fact, so to speak. To say he was less than graceful when someone would foolishly point out some of his errors would be putting it mildly. His tirads prompted one lurker on the firewalls list to add a line to his signature that went something like this: "Fine, so you've got a PhD, just don't touch anything!" In one posting he recommended "cutting the wire to the record head" on a floppy disk drive as a way to make it write protected. This was rather interesting in light of the fact that disk drives use combined read/write heads and have no separate "record head". Must have been thinking it was a tape recorder. His silly idea would have made the drive both write protected and read protected as well. When I quoted his article and pointed it out as a source of misinformation, he wrote me a message off-line wanting to know why HIS information was included in my article about misinformation. I had quoted most of his message, including his signature, in my posting. The information he quoted back to me was his "Info-Sec" signature. It seems his little tag line advertisements were more important to him than the BULLSH*T he was thumping on about. (Note point #3 above). In my reply, I asked him if the misinformation in the body of the message was in fact his or was someone forging messages in his name to discredit him. He did admit it was his. At this point, I will give him credit - he was very gracious in that instance, and admitted he had made a mistake. It was a distinct contrast, in private E-Mail, to his tone and manner on the public mailing lists. In <199510182319.QAA02924@netcom23.netcom.com> cjs@netcom.com wrote:
In <9510182213.AA05709@all.net> "Dr. Frederick B. Cohen" wrote: (^^^^ Attribution added - mine ^^^^)
50 Attacks: a.k.a. Why Not to Run Hot Java in your netscape (or other) browser:
Concept 1 - Hot Java code that, once started, takes and retains control of the viewer. It includes hot buttons, etc. that let you use common resources on the net, store favorite places, etc. When you push any button in this window, it simulates Hot Java within its own code, but all reads and writes contain code to restart the program (such as the "remember favorite places" button, etc.).
You are obviously disillusioned/ignorant about how the java runtime enviroment works, and what is possable with with its base class libraries. I'll bet that you have never ever read the programming guide or the virtual machine specs, and I encourage you to do so before you embarass yourself even more.
He doesn't seem to research his ideas before spouting them as gosphel. Once he has reached his "conclusion" he takes it as fact and expects us to accept it because he's a "Dr". I read the original "50 ways" article. I initially took it to be dead serious. Until I notice who the author was. Then I thought "it figures, validity = 0 -> drop in bit bucket". I came away with the impression that he was just spouting off, as is his way, and had not only not tested one single idea espoused therein but really hadn't a clue as to the validity of any of it. I got the impression that he expected us to accept his points on the weight of his degree alone, since he provided no evidence, just random speculations. I certainly did not see any humor in the article as he later would allege.
Christopher
P.S. Coming Soon! 50 things that could happen to flying pigs!
No joke. No doubt he will claim that they should be secure pigs! In <9510190047.AA14597@ communities.com> chip@communities.com (Chip Morningstar) wrote:
fc@all.net (Dr. Frederick B. Cohen) writes:
50 Attacks: a.k.a. Why Not to Run Hot Java in your netscape (or other) browser: ... (drivel elided)
This fellow seems to be systematically (if not deliberately) ignorant about these things.
Keep that point in mind. This may not be "accidental" ignorance here.
One of my co-workers reviewed his book on computer viruses in IEEE Multimedia and noted that it manifests many of the same fallacies. You can read it (the review, not the book) at
: Signature deleted : That would be very consistant with his writings on the firewalls list. I'll have to take a look at the review. Should be good for a few laughs at the very least! In <199510190110.SAA02346@netcom23.netcom.com> cjs@netcom.com (cjs) wrote:
fc@all.net (Dr. Frederick B. Cohen) wrote: (^^^^ Attribution added - mine ^^^^)
Boy, you people just don't appreciate anything that has a little bit of humor mixed with a little bit of reality.
Got'm! Now he claims it was humor.
A little reality?? I've seen episodes of Star Trek with more reality.
Agreed.
Get real,
Don't hold yer breath - that's not the gas he runs on. :-)
Christopher
In <199510191439.JAA05986@vespucci.iquest.com> pdlamb@iquest.com (Patrick Lamb) wrote:
fc@all.net (Dr. Frederick B. Cohen) wrote:
The point I have been trying to make that many on this list seem to ignore again and again, is that Netscape makes the security claims. If you don't provide effective protection, don't make the claim. If you want to make the claim back it up with something other than media hype.
We are working on clarifying our security claims. Here is an example from the San Jose Mercury news on Aug. 17, 1995:
"We have said for a long time that given the right amount of computer power, that a 40-bit key encrypted message could be decrypted," said Mike Homer, Netscape's vice president of marketing.
"We" - I take it you are now speaking officially for Netscape? So how come Netscape doesn't even know how about Integrity shells and yet claims to be able to design secure systems for money transfers?
<flame=on>
Give it a rest, Doc. You give all the rest of us Ph.D.'s a bad rep with this crap. Of course, if you went to that 4-year vocational school to get an M.D., I guess that's understandable.
Look beyond his statements. The more this continues the more excuse he has to post follow-ups, no matter how trivial. Maybe his motive is not to just drive home a point or rattle cages. But you are right - by waving his degree around like he does he's confirming all the stereotypes of "college" people who haven't got a clue or any connection with reality. That makes ALL of us look real bad and probably contributes to why some of us no longer think that a degree is all that very important any longer.
If you are so illiterate that you can't read the ascription (it says right up there, "said Mike Homer, Netscape's vice president of marketing"), then why do you (a) waste bandwidth and our time to go through this drivel, and (b) flame one Netscape employee for not knowing everything you know? If there are all of 5+ refereed publications in this area, how about giving references? It would take up less space than your recurring venom eruption! Or couldn't you understand the papers, given that you couldn't understand the news clip...
He would seem to be both illiterate (educated - maybe; degreed yes; literate - unlikely) and lacking in the ambition to research his topics. Maybe he's just so self assured in his inflability that he's just naturally a cocky bastard. Maybe it's a PhD in religion. That would fit. (Argh - sorry - cheap shot - appologies to any religious folk out there)
<flame=off>
In <9510191718.AA19952@all.net> Fredrick B. Cohen
In <Pine.SUN.3.90.951019115251.17527B-100000@dfw.net> "Aleph One" wrote:
I belive you have been told *SAVERAL* times you *WONT* get an answer on this list, and to contact their PR department. Why dont you do us all a favor. Contact the PR department if this questions really burns you so much. Get an answer. And post it on the list.
So the PR department defines security at Netscape?
-- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
This is exactly the trivia that makes so many of us believe that he's just in it for the shear numbers of posts he can crank out with his Info-Sec ad-signature. This shot carried nothing new or useful and accomplished little except furthering his efforts to always get the last word in and get another copy of his ad-signature out in front of everyone. Point - This signature is much smaller that the one he was plaguing the firewalls list with. This finally got so bad on the firewalls list that Brent Chapman ended up putting ole' Freddie on notice that he was on a short leash and no more of his nonsense would be tolerated or reposted. Brent exersized the patience of a glacier while many of the rest of us were sick and tired of this character. Brent finally acted to maintain the list in a state where the rest of us could get something productive from it. As is his way in trying to get the last word in, he shot off a snippy remark to Brent to "test" the moderator filter. Of course Brent let that one through to illustrate the author's pettiness, childishness, and immaturity. Let it not be said that Brent does not have a sense of humor, he let Freddie hang himself right pretty. </FIRE IN DA HOLE!></STRONG></FLAME> Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Hello?!@# Guess no one is home. Lets see do I look like I work at Netscape? Nope. Iam just repeating what I heard them told you for days now. And my guess is no. They PR department is just a channel to get answers. Do the White House PR department define policy? I hope not! But they are the ones what give the conferences and answer questions. Man, some people have a tick skull. Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 On Thu, 19 Oct 1995, Dr. Frederick B. Cohen wrote:
Date: Thu, 19 Oct 1995 13:18:27 -0400 (EDT) From: Dr. Frederick B. Cohen <fc@all.net> To: Aleph One <aleph1@dfw.net> Cc: cypherpunks@toad.com Subject: Re: [NOISE] Re: Postscript in Netscape
I belive you have been told *SAVERAL* times you *WONT* get an answer on this list, and to contact their PR department. Why dont you do us all a favor. Contact the PR department if this questions really burns you so much. Get an answer. And post it on the list.
So the PR department defines security at Netscape?
-- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
participants (6)
-
Aleph One -
fc@all.net -
futplex@pseudonym.com -
Michael H. Warfield -
pdlamb@iquest.com -
rthomas@pamd.cig.mot.com