[39916] in Cypherpunks
No subject found in mail header
daemon@ATHENA.MIT.EDU (owner-cypherpunks@toad.com)
Fri Sep 22 19:28:44 1995
Date: Fri, 22 Sep 1995 19:27:59 -0400
From: owner-cypherpunks@toad.com
Apparently-To: <pcw@access.digex.net>
Apparently-To: <perobich@ingr.com>
Apparently-To: <praveen@carina.unm.edu>
Apparently-To: <rah@shipwright.com>
Apparently-To: <rak@umich.edu>
Apparently-To: <rmtodd@servalan.servalan.com>
Apparently-To: <rjones@us.oracle.com>
Apparently-To: <rlistcy@sqwest.wimsey.bc.ca>
Apparently-To: <Rolf.Michelsen@delab.sintef.no>
Apparently-To: <rmccoy@mercury.interpath.net>
Apparently-To: <rslau@usc.edu>
Apparently-To: <sameer@c2.org>
Apparently-To: <sandfort@crl.com>
Apparently-To: <scottg@b4a206.mdc.com>
Apparently-To: <sdw@lig.net>
Apparently-To: <sebaygo@sibylline.com>
Apparently-To: <stainles@bga.com>
Apparently-To: <STANTON@ACM.ORG>
Apparently-To: <steven@echonyc.com>
Apparently-To: <sysdfg@gsusgi1.gsu.edu>
Apparently-To: <syshtg@gsusgi2.gsu.edu>
Apparently-To: <tentacle@hclb.demon.co.uk>
Apparently-To: <tld5032@commanche.ca.boeing.com>
Apparently-To: <m1tca00@FRB.GOV>
Apparently-To: <cypherpunks-local@MIT.EDU>
Apparently-To: <video@nhmxw0.fnal.gov>
Apparently-To: <vvallopp@eniac.seas.upenn.edu>
Apparently-To: <klmwkreb@lily.spc.uchicago.edu>
Apparently-To: <whitfield.diffie@Eng.Sun.COM>
Apparently-To: <XXCLARK@indst.indstate.edu>
Apparently-To: <ORNTS188@ksuvxb.kent.edu>
Apparently-To: <komori@silver.ucs.indiana.edu>
Although Netscape will certainly fix their new bugs, it's likely that
many old copies will remain on computers on the net, and the holes
will remain.
Netscape could "fight" against this with a modified worms/webcrawler
which looks for blatantly dangerous domain names in URLs and reports
them to "CERT" or blockware companies like Surfwatch. For example,
they'd find the foo* link at the bottom of
<A HREF="http://www.ai.mit.edu/people/lethin/lethin.html">My page</A>
Not a complete solution obviously (e.g. the server could selectively
reply to requests, and hide from the webcrawler IP).
What happens when someone using the AOL browser clicks on one of these
HREF's... does it crash all of AOL?
---
Concurrent VLSI Arch. Group 545 Technology Sq., Rm. 610
MIT AI Lab Cambridge, MA 02139 (617)-253-0972
