Re: Security Update news release
-----BEGIN PGP SIGNED MESSAGE----- In article <9509251617.ZM167@tofuhut>, jsw@netscape.com ("Jeff Weinstein") wrote:
-- --PART-BOUNDARY=.19509251617.ZM167.tofuhut Content-Type: text/plain; charset=us-ascii
Here is the press release we put out this morning regarding the fix for RNG seed and stack overflow problems.
Do the new versions use PGP's randseed.bin? If Netscape even only looks at data used to keep PGP secure, Netscape will be banned from my computer and every computer I am responsible for. -- For good. - -- - -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMGduUCoZzwIn1bdtAQFEgwGA3265JY1cahyqqd2VEe+1RPXI96DQBPRV r1EWdjxzjgXvxplLMagh9yWOPBq9OKRX =F3qb -----END PGP SIGNATURE-----
Do the new versions use PGP's randseed.bin? If Netscape even only looks at data used to keep PGP secure, Netscape will be banned from my computer and every computer I am responsible for. -- For good.
This is the second person who has expressed this sentiment. I don't understand it. If you believe that the possibility of randseed.bin getting out is dangerous, then why do you leave it online? Do you really trust every piece of software you run, every piece of software that can possibly access your machine over the net, to not look at that file?
participants (2)
-
nelson@santafe.edu -
shamrock@netcom.com