[3845] in WWW Security List Archive
Re: Netscape eggs
daemon@ATHENA.MIT.EDU (Alan Olsen)
Thu Dec 19 03:26:45 1996
Date: Wed, 18 Dec 1996 22:18:29 -0800
To: Elliott Nichol <nichol@maths.ox.ac.uk>
From: Alan Olsen <alan@ctrl-alt-del.com>
Cc: Hugh McNeill <hmcneill@tssc.co.nz>, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>I know of two, the other being a compass. I don't think they are of
>worry in the security department, however, to get the fire-breathing
>Mozilla, supply the URL about:mozilla (Unix version Only) - The other needs
>a tag something like
><ANIM KEY=zs7NzcrM1dfG29PM SALT=29PZ
HASH=38jT68fN38hZ68lN01HRT2vnWdVX91NZZ1N3>
>and the document needs to be in a jwz directory - Something lingering from
>the original mozilla programmer?! - If so, what else could be in there
>that we don't know about - and is it safe??
The anim tag is bogus. Jamie Zawinski put that in as a joke. The amin tag
does nothing except confuse those that try and get the compass to work on
their web pages. All you need is the /jwz/ directory.
The hack is harmless.
There are a number of other easter eggs in the program. None of them are
harmful. What eggs work and what do not depend on version and platform.
(There is at least one that is Mac specific. There are a couple of X
specific. I do not know of any PC specific ones.)
---
| "Spam is the Devil's toothpaste!" - stuart@teleport.com |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
|`finger -l alano@teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.ctrl-alt-del.com/~alan/ |alan@ctrl-alt-del.com|
