At 11:32 PM 2/23/96, Alex Strasheim wrote:
Marianne Mueller, Java security engineer, also said the chances of such hacking occurring are "remote."
This is the sort of bullshit that gets companies in trouble. Netscape has a good record of responding to and fixing security problems. Why should they feel the need to do spin control? This borders on lying.
Might want to be careful calling Marianne a borderline liar. She's our host for Cypherpunks meetings at Sun, where she's in the Java group. The article didn't make it clear that she's with Sun and not Netscape. She's also been coming to Cypherpunks meetings since the beginning, and posts here occasionally. I'm sure she can speak for herself, but she may not see this comment for a while, hence my comment here.

As for the substance of her remarks, best to let her elaborate. Though, knowing journalists, it's quite possible that her "remote" remark was embedded in a much longer comment, which the reporter chose to cut.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
Might want to be careful calling Marianne a borderline liar. She's our host for Cypherpunks meetings at Sun, where she's in the Java group. The article didn't make it clear that she's with Sun and not Netscape. She's also been coming to Cypherpunks meetings since the beginning, and posts here occasionally.
I apologize for the remark, it was out of line. I don't know who she is, or what she actually said, for that matter.

But the fact remains that these sorts of security problems were predicted well before Java was widely deployed. They're serious, and this isn't going to be the last one. An awful lot of people aren't going to patch their copies of Netscape any time soon, either. (A useful feature for Netscape might be a facility that checks periodically to see if a security patch is in order, and displays a warning if it is.)

Problems with security are a fact of life. I've made embarrassing mistakes that compromised security for some of my users. When that happens you have to come clean, tell the truth, and fix the problem. Don't try to convince people that you didn't screw up, that the problem isn't serious. Don't say things that will encourage users to put off installing a security patch. And don't underestimate the ability of your attackers.
Alex Strasheim wrote:
(A useful feature for Netscape might be a facility that checks periodically to see if a security patch is in order, and displays a warning if it is.)
Yes, we have thought of adding such a facility, not just for security patches, but for general release updates as well. However some folks may remember some discussion (I think it was mostly in other forums) about the possibility that Netscape was "phoning home" to deliver to us information about your browsing habits. Of course we have never done this, but if we were "phoning home" periodically to check for new releases it might raise some suspicion among the more paranoid.

I guess we could make it an option...

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
about your browsing habits. Of course we have never done this, but if we were "phoning home" periodically to check for new releases it might raise some suspicion among the more paranoid.
I guess we could make it an option...
I don't think you need to "phone home". Just make it happen whenever someone hits the Netscape web site. Some monstrous percentage of Netscape users haven't changed the default home page, and even those who have do go to the Netscape page every now and then.

--
Sameer Parekh                                Voice:   510-601-9777x3
Community ConneXion, Inc.                    FAX:     510-601-9734
The Internet Privacy Provider                Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")     sameer@c2.org