[1018] in WWW Security List Archive
Re: New York Times article
daemon@ATHENA.MIT.EDU (sameer)
Thu Oct 12 15:04:55 1995
From: sameer <sameer@c2.org>
To: cprince@mfi.com (Prince, Cheryl)
Date: Thu, 12 Oct 1995 08:53:35 -0700 (PDT)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <9509118134.AA813438237@mfi.com> from "Prince, Cheryl" at Oct 11, 95 12:03:57 pm
Errors-To: owner-www-security@ns2.rutgers.edu
Yes. There is absolutely -nothing- new in the NFS exploit
exposed by the UC Berkeley students. It has been common knowledge that
NFS is insecure and should not be used over untrusted networks. The
details of their specific exploit has not been used in the past, but
there is nothing which merits new concern over the security of
internet transactions.
>
>
>
> The front page of today's New York Times focuses on (alleged) recently
> discovered security flaws inherent in the structure of the Web that could
> potentially delay the take-off of electronic commerce. According to the
> article, the "weakness occurs in a widely used Internet protocol-or technical
> standard-known as the Network File System. Because NFS does not have any means
> for allowing the recipient of a program or document to verify that it has not
> been altered during transmission from the file server to the user, any
> interception or tampering would go undetected."
>
> So, now I'm completely confused. Didn't we already know that, on its own, the
> internet is hardly secure for the transmission of sensitive data?? The article
> does not explore these new "flaws" in the context of all the various security
> architectures and firewalls etc. that have been and are being developed and
> implemented. Has anyone else read the piece? Would anyone venture to make any
> sense of it?
>
> Much obliged,
> CJ Prince
>
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
The Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer@c2.org
