Netscape Security Flaw is a Feature
Many of us have been watching the CNN reports--headline reports at that--that all past and current versions of Netscape on all platforms have reportedly carried the bug that allows any Web site being hit by Netscape to examine files on the user's hard disk. (A demonstration by the Danish team was compelling. CNN-FN generated a text file, placed it on their hard disk, and accessed the Danish site. Moments later, the Danes read back the text file. Over and over for more examples. They _could have been_ the NSA Web site, and the files could have been history files, passphrase files, etc. History files are common, and give captured kestrokes, of course.) But how could such a massive, massive flaw have gone undiscovered for so long? The answer, "It's a feature, not a bug." According to Netscape spokesmen, this feature was added to the kernel of Mosaic, then Navigator, in 1993, as part of the Clipper Key Recovery Program. As James Clarke put it an interview tonight on MSNBC, "Dorothy Denning asked us to insert the "remote read" capabilities to ensure that the legitimate needs of law enforcement are met. No person cruising the Web has any expectation of privacy, as even Declan McCullagh has pointed out." Marc Rotenberg commented, "Privacy at the individual user level is unimportant, just so long as a Privacy Ombudsman can decide on the legitimate needs of law enforcement." Meanwhile, Microsoft has acknowledge that all lines to its Redmond site are clogged by people dumping Navigator and trying to download Explorer. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
Marc Rotenberg commented, "Privacy at the individual user level is unimportant, just so long as a Privacy Ombudsman can decide on the legitimate needs of law enforcement."
Tim's statement, attributed to me, is not true. And I assume there is still some role for truth in the debate about privacy issues. Or maybe Tim disagrees. Marc Rotenberg.
At 09:33 PM 6/12/97 -0700, Tim May wrote:
But how could such a massive, massive flaw have gone undiscovered for so long?
"Our chief weapon is surprise."
Meanwhile, Microsoft has acknowledge that all lines to its Redmond site are clogged by people dumping Navigator and trying to download Explorer.
Actually, it's all a Scandinavian Plot - the Danish hackers are doing it on behalf of the Opera Browser folks from Norway, whose graphical browser has the advantage of being only 1/10 as big as Netscape or Internet Exploder. Their primary objective is to draw people away from Lynx... # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list or news, please Cc: me on replies. Thanks.)
On Thu, 12 Jun 1997, Tim May wrote:
According to Netscape spokesmen, this feature was added to the kernel of Mosaic, then Navigator, in 1993, as part of the Clipper Key Recovery Program. As James Clarke put it an interview tonight on MSNBC, "Dorothy Denning asked us to insert the "remote read" capabilities to ensure that the legitimate needs of law enforcement are met. No person cruising the Web has any expectation of privacy, as even Declan McCullagh has pointed out."
Tim misrepresents my position, or does not understand it. I did not say that. Rather, I argued that you have no "right of privacy" that allows you generally to restrict the right of others to gossip, trade, or otherwise share information about you. Such a rule would violate their rights of free speech. Like Marc, I hope there is still some role for truth in the debate about privacy issues. -Declan
At 8:19 AM -0700 6/13/97, Declan McCullagh wrote:
On Thu, 12 Jun 1997, Tim May wrote:
According to Netscape spokesmen, this feature was added to the kernel of Mosaic, then Navigator, in 1993, as part of the Clipper Key Recovery Program. As James Clarke put it an interview tonight on MSNBC, "Dorothy Denning asked us to insert the "remote read" capabilities to ensure that the legitimate needs of law enforcement are met. No person cruising the Web has any expectation of privacy, as even Declan McCullagh has pointed out."
Tim misrepresents my position, or does not understand it. I did not say that. Rather, I argued that you have no "right of privacy" that allows you generally to restrict the right of others to gossip, trade, or otherwise share information about you. Such a rule would violate their rights of free speech.
Like Marc, I hope there is still some role for truth in the debate about privacy issues.
And like Marc, you take satire entirely too seriously. My one line paraphrasing of your point, ostensibly a deliberately clumsy rephrasing by Jim Clarke appropriating for his own uses your general point, could hardly have been expected to be a fully-nuanced explication of your point. Jeesh. You've been in D.C. too long, or have "headed" too many soccer balls lately. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
Tim,
Meanwhile, Microsoft has acknowledge that all lines to its Redmond site are clogged by people dumping Navigator and trying to download Explorer.
Are you sure they are trying to get Explorer ? it's *very* difficult to buy a PC nowadays that comes without it. My guess is that people are still trying to get the vital bugfixes for NT, IE, Win95,... BTW: if people think IE will do better, they should broaden their minds. Long live ActiveX ! Recently, MS also implemented a file upload thingie for IE. What else do you need to browse a visitor's PC ? kr= \\\___/// \\ - - // ( @ @ ) +---------------oOOo-(_)-oOOo-------------+ | kris carlier - carlier@iguana.be | | Hiroshima 45, Tsjernobyl 86, Windows 95 | | Linux, the choice of a GNU gener8ion | | SMS: +32-75-61.43.05 | +------------------------Oooo-------------+ oooO ( ) ( ) ) / \ ( (_/ \_)
At 2:29 PM -0700 6/13/97, Kris Carlier wrote:
Tim,
Meanwhile, Microsoft has acknowledge that all lines to its Redmond site are clogged by people dumping Navigator and trying to download Explorer.
Are you sure they are trying to get Explorer ? it's *very* difficult to buy a PC nowadays that comes without it. My guess is that people are still trying to get the vital bugfixes for NT, IE, Win95,...
It was a joke. As you are a non-native English speaker (Belarus?), my subtlety may not have been as obvious as it would be to any reasonably-bright American or Brit. In any case, I use a Macintosh and Explorer 3.0, and no browser came with my Mac when I bought it in '94. Many machines of various flavors were sold prior to Explorer or Navigator being bundled. Me, I have no immediate plans to switch to Explorer. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
participants (5)
-
Bill Stewart -
Declan McCullagh -
Kris Carlier -
Marc Rotenberg -
Tim May