Java & Netscape security (reply to misc. postings)
Dr. Frederick B. Cohen
fc at all.net
Thu Nov 16 16:23:04 PST 1995
> 3. Postscript considered dangerous: (insert-smiley)
>
> As for the question of someone invoking a postscript interpreter via a
> browser and thus opening up their system to some rogue postscript
> file: I think it would be great if either of these two things were to
> magically happen:
>
> 1) people would stop putting postscript docs on web pages
> because it's the wrong technology for WWW - it wastes
> bandwidth - it's hard to view & hence often ugly - everyone
> just prints it out anyway and then complains because there
> is no one "standard" implementation of postscript printing
> worldwide and there are dozens of minor problems
>
> 2) someone could implement a secure postscript previewer
> (whatever that means!)
>
> I doubt either of those two things will happen. The average Jo on the
> internet needs to understand that when s/he downloads binary files
> over the internet and run them from insecure programs on their local
> computer, well, s/he runs some risk. This risk might be tiny, but
> it's impossible to quantify loss. If I lose a poem that I'm writing,
> to me that's priceless, so I do not intend to imply that loss of data
> isn't tragic for the person who loses it. If you have data you can't
> bear to lose, be sure to practice safe computing. Perform backups
> regularly, and use judgement about which interpreters and executable
> programs you allow to run on your PC.
>
> Marianne
It seems clear from this that Netscape, or at least Marianne who seems
to speak for Netscpe, doesn't understand the protection issues that my
clients face. I will nevertheless forward this official Netscape line
to them so they can better understand why I tell them it is insecure.
--
-> See: Info-Sec Heaven at URL http://all.net/
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
More information about the cypherpunks-legacy
mailing list