Re: NYT on Internet Flaws
The NYT claim was about as sensible as saying MS-DOS is the structure of the Internet and is not safe, so the Internet is not safe. We could as well have viruses spreading on floppies for MS-DOS (there are far more people on the Internet using MS-DOS than NFS) that cause your MS-DOS Netscape to send the unencrypted credit card numbers off to a certain anonymous email address. Now watch, someone will try this. Oh well. It really has nothing to do with the Internet or Netscape. I hope Markoff gets this: The fact that Internet communication is not inherently secure does not mean that it can not be made secure. Note that an insecure phone-line can be made secure by using a phone with a scrambler. The same can be done on the Internet and is being done - by companies like Netscape. By far the biggest obstacle to a secure Internet is the governments ITAR regulations. This has made it impractical to put real security into NFS, FTP, Unix, and WWW. Many of our current security problems are really due to "the basic structure of ITAR" but none are due to the "basic structure of the Internet". It sort of pains me to see this kind of hype, but it will probably push companies to get real security faster. So in the long run it may not be such a bad thing. Also, it may be easier to pressure the government to get rid of the ITAR restrictions. And they say any publicity is good publicity, so it probably will not really hurt the Internet at all. -- Vince
San Francisco, Oct. 10 -- Newly publicized weaknesses in the basic structure of the Internet [...] [...] The problem is not Netscape's alone; it potentially affects any organization that operates a computer from which files or software could be downloaded over the Internet. The weakness can be traced to the technical underpinnings of the network, [...]
The disclosure of the flaws casts doubt on the aspirations of companies like Netscape, which last summer had one of the most successful stock offerings in Wall Street history based on the promise of the impending arrival of a full-fledged on-line marketplace. [...] The newly publicized weakness occurs in a widely used Internet protocol -- or technical standard -- known as the Network File System, or NFS. Because NFS does not have any means for allowing the recipient of a program or document to verify that it has not been altered during transmission from the file server to the user, any interception or tampering would go undetected.
The real problem seems to be that Markoff (with whom I have spoken often in the past, and is actually *IS* a competent reporter -- usually) seems to have taken a number of interviews with various people and combined them, out of order with no real context into an Internet boogey-man story. The reason I say this is simply from the quotes by Jeff Schiller (and the "Netscape spokesman") -- they were most certainly talking about the recent discovery of problems with Netscape. The "NFS" silliness, and the thought that NFS is the mechanism by which Internet users download files seems to been have stiched in for the scare value. (We won't even get into the real-time file hijacking, etc.) I am suprised that Jeff Schiller isn't all over this (and other lists) spitting bullets considering the way he was (mis)quoted. On the other hand, it could well be that John wrote a different story and his *editors* at the NY Times decided with, um, how to put this delicately... re-ordered the story.. um, er I mean edited it. It happens all the time to make stories more "effective." (Most old newpaper folks are scared to death of this technology and take what swipes at it they can, whenever they can.) BTW: If you're really unhappy with Markoff, let him know what you think of his reporting... his email addresses used to be: markoff@nyt.com and johnm@well.sf.ca.us regards, David PS: Whatever I just said is my opinion, which should be obvious, since its coming from my home machine(s) which are funded by me personally... and not whomever I happen to work for from 9 to 5... PPS: BTW John, in case you're reading this, (and anyone else) you DO NOT HAVE PERMISSION TO QUOTE ME... period! In fact, this posting is Copyright (c) 1995 by David HM Spector and may not be reprinted in whole or in part without my express written permission. I have a copyright lawyer; she's really good, on retainer, and loves a good brawl.... ----------------------------------------------------------------------------- David HM Spector Software Developer & Nice Guy http://zeitgeist.com spector@zeitgeist.com voice: +1 212.721.6974 fax: +1 212.721.9084 -------- SJM, 32, seeks SJF for meaningful rel... What? This ISN'T the VOICE personals?!
participants (2)
-
David HM Spector -
Vincent Cate