9-28-95. W$Japer: "Infighting Unravels Alliance Seeking Standard to Protect Internet Purchases." The consortium brought together such top players as credit-card rivals Visa International and MasterCard International Inc., software titan Microsoft Corp. and Internet upstart Netscape Communications Corp. But this week, the alliance split because of tensions between Visa and MasterCard and their respective technology partners -- Microsoft and Netscape. Regarding Netscape, Mr. Dent of Microsoft said the firm's security deficiencies that have recently come to light have "tainted" electronic commerce on the Internet. Mr. Dent also noted that Microsoft yesterday introduced new security technology, including means to verify a user's identity, that is much stronger than Netscape's. STT_??? (6 kb)
John Young writes:
9-28-95. W$Japer:
Regarding Netscape, Mr. Dent of Microsoft said the firm's security deficiencies that have recently come to light have "tainted" electronic commerce on the Internet.
Thats almost an invitation to hack Microsoft's web products, isn't it? (Anyone from Netscape care to join in the fun?) Perry
As of 9:34AM on the day of the release hackmsoft has so far received -two- microsoft bugs and exploits.
John Young writes:
9-28-95. W$Japer:
Regarding Netscape, Mr. Dent of Microsoft said the firm's security deficiencies that have recently come to light have "tainted" electronic commerce on the Internet.
Thats almost an invitation to hack Microsoft's web products, isn't it?
(Anyone from Netscape care to join in the fun?)
Perry
-- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer@c2.org
Perry writes:
Thats almost an invitation to hack Microsoft's web products, isn't it?
(Anyone from Netscape care to join in the fun?)
Perry
While this might been read as a sarcastic comment, I'll suggest that it really is excellent advice from Perry. Like cryptosystem design, secure software is best written by those with experience breaking other people's system. Encouraging Netscape programmers to hack at SST will result in embarassing disclosures for Microsoft, and better code for Netscape. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
On Thu, 28 Sep 1995, Perry E. Metzger wrote:
Thats almost an invitation to hack Microsoft's web products, isn't it?
Not a real attack- cos it's just a Denial Of Service, but it is kind of amusing... Windows NT has an interesting property in its handling of TCP connection establishment. NT has a small limit on the maximum size of its listen queue - it also handle queue overflow in a different way to BSD derived stacks. Instead of just dropping the connection request, and allowing the client TCP to retry automatically, NT sends a RST packet that aborts the connection. Ok, you can shutdown just about anything on the Net right now, and there won't be a real defence possible until IPSEC starts getting installed, but microsoft makes it much too easy. Simon
Regarding Netscape, Mr. Dent of Microsoft said the firm's security deficiencies that have recently come to light have "tainted" electronic commerce on the Internet. Mr. Dent also noted that Microsoft yesterday introduced new security technology, including means to verify a user's identity, that is much stronger than Netscape's.
Yeah. Right. I propose we show the world how Microsoft will respond to security problems. I should have a tentative web page up by later tonight. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer@c2.org
participants (5)
-
Adam Shostack -
John Young -
Perry E. Metzger -
sameer -
Simon Spero