[1042] in WWW Security List Archive
Re: New York Times article
daemon@ATHENA.MIT.EDU (Seth I. Rich)
Fri Oct 13 18:28:05 1995
Date: Fri, 13 Oct 1995 14:46:02 -0400
To: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif ),
www-security@ns2.rutgers.edu
From: "Seth I. Rich" <seth@hygnet.com>
Errors-To: owner-www-security@ns2.rutgers.edu
>>Executives at Netscape said yesterday that they were aware of
>>the security issues surrounding NFS and would make changes in
>>the next release of their software, expected before the end of
>>the year, to permit recipient of a downloaded program to check
>>it for signs of tampering.
>If one can patch the .EXE on the fly why not patch the signature, MAC, MIC
>or something like that? Is the promised protection possible at all (given
>today's infrastructure).
Personally, the above claim makes me suspicious. Is it truly possible
for Netscape to accomodate for the NFS security problems? Have they
stumbled across a resolution the rest of the networking community have
overlooked?
Seth
---------------------------------------------------------------------------
Seth I. Rich - seth@hygnet.com - (610) 859-0100
Systems Administrator / Webmaster, HYGNet My words are my own; please
Rabbits on walls, no problem. don't blame my employer!
