NYT on Internet Flaws

Vincent Cate vince at offshore.com.ai
Thu Oct 12 14:39:22 PDT 1995



The NYT claim was about as sensible as saying MS-DOS is the structure of
the Internet and is not safe, so the Internet is not safe.  We could as
well have viruses spreading on floppies for MS-DOS (there are far more
people on the Internet using MS-DOS than NFS) that cause your MS-DOS
Netscape to send the unencrypted credit card numbers off to a certain
anonymous email address.  Now watch, someone will try this.  Oh well.  It
really has nothing to do with the Internet or Netscape. 

I hope Markoff gets this: The fact that Internet communication is not
inherently secure does not mean that it can not be made secure.  Note that
an insecure phone-line can be made secure by using a phone with a
scrambler.  The same can be done on the Internet and is being done - by
companies like Netscape.  

By far the biggest obstacle to a secure Internet is the governments ITAR
regulations.  This has made it impractical to put real security into NFS,
FTP, Unix, and WWW.  Many of our current security problems are really due
to "the basic structure of ITAR" but none are due to the "basic structure
of the Internet". 

It sort of pains me to see this kind of hype, but it will probably push
companies to get real security faster.  So in the long run it may not be
such a bad thing.  Also, it may be easier to pressure the government to
get rid of the ITAR restrictions.  And they say any publicity is good
publicity, so it probably will not really hurt the Internet at all.  

  --  Vince

>    San Francisco, Oct. 10 -- Newly publicized weaknesses in
>    the basic structure of the Internet [...]
>[...]
>    The problem is not Netscape's alone; it potentially affects
>    any organization that operates a computer from which files
>    or software could be downloaded over the Internet. The
>    weakness can be traced to the technical underpinnings of
>    the network, [...]
> 
>    The disclosure of the flaws casts doubt on the aspirations
>    of companies like Netscape, which last summer had one of
>    the most successful stock offerings in Wall Street history
>    based on the promise of the impending arrival of a
>    full-fledged on-line marketplace.
>[...] 
>    The newly publicized weakness occurs in a widely used
>    Internet protocol -- or technical standard -- known as the
>    Network File System, or NFS. Because NFS does not have any
>    means for allowing the recipient of a program or document
>    to verify that it has not been altered during transmission
>    from the file server to the user, any interception or
>    tampering would go undetected.







More information about the cypherpunks-legacy mailing list