[1010] in WWW Security List Archive
Re: New York Times article
daemon@ATHENA.MIT.EDU (Dana Hudes)
Thu Oct 12 01:09:10 1995
Date: Wed, 11 Oct 1995 22:23:54 -0400 (EDT)
From: Dana Hudes <dhudes@panix.com>
To: "Prince, Cheryl" <cprince@mfi.com>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <9509118134.AA813438237@mfi.com>
Errors-To: owner-www-security@ns2.rutgers.edu
I read the piece. I was puzzled why anyone thought that security holes in
NFS were anything new. Does anyone actually run NFS on the Internet as
opposed to their own server farm? Distributed fileesystems on the public
internet are usually done with AFS (and concomittant Kerberos security
which while not a panacea is more than NFS has), no?
On Wed, 11 Oct 1995, Prince, Cheryl wrote:
>
>
> The front page of today's New York Times focuses on (alleged) recently
> discovered security flaws inherent in the structure of the Web that could
> potentially delay the take-off of electronic commerce. According to the
> article, the "weakness occurs in a widely used Internet protocol-or technical
> standard-known as the Network File System. Because NFS does not have any means
> for allowing the recipient of a program or document to verify that it has not
> been altered during transmission from the file server to the user, any
> interception or tampering would go undetected."
>
> So, now I'm completely confused. Didn't we already know that, on its own, the
> internet is hardly secure for the transmission of sensitive data?? The article
> does not explore these new "flaws" in the context of all the various security
> architectures and firewalls etc. that have been and are being developed and
> implemented. Has anyone else read the piece? Would anyone venture to make any
> sense of it?
>
> Much obliged,
> CJ Prince
>
