[1036] in WWW Security List Archive
Re: New York Times article
daemon@ATHENA.MIT.EDU (Holger Reif )
Fri Oct 13 08:49:24 1995
Date: Fri, 13 Oct 95 10:31:26 +0100
From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif )
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Qutotation from the NYT Article posted (thanks) by rcq@ftp.com (Bob Quinn)
>Executives at Netscape said yesterday that they were aware of
>the security issues surrounding NFS and would make changes in
>the next release of their software, expected before the end of
>the year, to permit recipient of a downloaded program to check
>it for signs of tampering.
If one can patch the .EXE on the fly why not patch the signature, MAC, MIC
or something like that? Is the promised protection possible at all (given
today's infrastructure).
The only thing I could Imagine is to download Navigator 2.1 throug a SSL-secured
connection with Navigator 2.1 (the rand_seed_problem does not affect this).
But this is not a general solution :-(
other opinios?
read you later - Holger Reif
http://remus.prakinf.tu-ilmenau.de/Reif/
