[3777] in WWW Security List Archive


Netscape 'secret' codes and security implications

daemon@ATHENA.MIT.EDU (Peter Choynowski)
Wed Dec 11 15:55:56 1996

From: pkc@scs.carleton.ca (Peter Choynowski)
Date: Wed, 11 Dec 1996 14:04:36 -0500 (EST)
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu


Forgive me if this has been talked about before. In a recent post to a
mailing list a URL of a person working for Netscape was given to get
some good software. Once you access that URL a very cute thing happens
- the regular Netscape logo in the upper right hand changes to a
rotating compass ( Netscape 3.0 X11 versions only ). Very cute you
might say, but so what - well I think that secret built-in codes are a
dangerous feature in a program as popular as a Web browser - what is
even stranger about this, as I tried to send the connection through a
webrelay ( using netcat - very neat program ) to snag the codes it
would not do it, but a direct connect to the URL works.

I know that programmers will put in cute code for their own amusement,
( read debugging code ) but as the old sendmail program shows it could
be dangerous in some cases. For what we know Netscape could have a
back door to all your files when using their browser, by sending it
some secret code ( I hope they don't :)

I'd like to find out if people are aware of the above, and what is the
feeling on using pre-compiled software of this type - should we start
running the browser from a chroot env. :)

Thanks,
Peter

P.S.  Here are the URLs:
	http://home.netscape.com/people/jwz ( look at the following code )

<ANIM KEY=zs7NzcrM1dfG29PM SALT=29PZ HASH=38jT68fN38hZ68lN01HRT2vnWdVX91NZZ1N3>
<!-- Questions about the preceding line will be gleefully ignored. -->

	http://home.netscape.com/people/jwz/hacks.html ( some good code )

