[1333] in WWW Security List Archive
Re: caching protected documents
daemon@ATHENA.MIT.EDU (Brain21)
Sat Dec 23 01:41:37 1995
Date: Thu, 21 Dec 1995 12:09:53 -0500 (EST)
From: Brain21 <brain21@montag33.residence.gatech.edu>
To: "David W. Morris" <dwm@shell.portal.com>
cc: www-security@ns1.rutgers.edu
In-Reply-To: <Pine.SUN.3.90.951220182437.25191E-100000@jobe.shell.portal.com>
Errors-To: owner-www-security@ns2.rutgers.edu

On Wed, 20 Dec 1995, David W. Morris wrote:
> On Wed, 20 Dec 1995, Brain21 wrote:
>
> > What does this mean?? This is NOT necessarily a caching problem!!!
>
> What this means is that your organization should have a policy about
> unattended logged in terminals. If you care, log off, lock your
> display, lock the office, etc. When you provide the UID/pw it is

I agree totally. However, in the real world this is not always the
case. There are many corporations, especially at different sites, who do
NOT educate their employees to security concerns. They feel that
passwords are enough, and the employees don't think about security as a
matter of course during their everyday activities. They think that that
is all left up to the sysadmins and security officers. It is completely
feasible that the scenario that I outlined would happen. For example, my
father was never really taught about security in his field, until he
started doing work for the Dept. of Defense, and now the Dept. of
Energy. The work he does is HIGHLY classified, and he is *somewhat*
educated as to this. Still the company that he used to work for that did
contracts for the DoD (nuclear weapons safety) used Netcom for a
corporate service provider!!!!!!!! Netcom may be fine for personal
accounts, but security-conscious accounts? No. Sorry. Mitnick
compromised them. So did some other people that I have met. *I* had to
tell my dad about using PGP to send sensitive email.

The point is that while security *should* definitely be practised by
employees and they should be educated about it, it does not always happen
in the real world. Therefore the bug in Netscape is significant.