[3852] in WWW Security List Archive
Re: Netscape eggs
daemon@ATHENA.MIT.EDU (Robert Bell)
Fri Dec 20 01:11:11 1996
From: Robert Bell <rabell@icdh16.dseg.ti.com>
To: www-security@ns2.rutgers.edu
Date: Thu, 19 Dec 96 22:36:13 CST
In-Reply-To: <32B9D3C2.3BF@cup.hp.com>; from "Gene" at Dec 19, 96 3:46 pm
Errors-To: owner-www-security@ns2.rutgers.edu
At a minimum, the mocha: egg appears to be a calculator, by
simply enter a URL as eg. mocha:2*3 or mocha:2/3 or the
command line generated by the egg mocha: can be used to enter
the string to calculate the value of. It's a simple JAVA
calculator. Neat, huh !
Regards
Robert Bell
rabell@ti.com
> Steve Neruda wrote:
> >
> > >
> > > The hack is harmless.
> > >
> > > There are a number of other easter eggs in the program. None of them are
> > > harmful. What eggs work and what do not depend on version and platform.
> > > (There is at least one that is Mac specific. There are a couple of X
> > > specific. I do not know of any PC specific ones.)
> >
> > For the most part I agree with the above statement. However the habit
> > of putting in hidden features is sometimes the same habit of putting in
> > a "engineering back door" to help speed development. These back doors
> > often become a security hole (remember the good old days of wizard
> > passwords in sendmail).
> >
> > I'm not implying that netscape has backdoors, only that developers need
> > to be careful of what they add. Netscape uses about: for many internal
> > functions as well. Here are some that work with 3.0 under Unix
> >
> > about:plugins
> > about:document
> > about:license
> > about:cache
> > about:global
> > about:image-cache
> > about:memory-cache
> > about:security
> > about:hype
> > about:blank
> > about:Mozilla
> > about:security
> > about:security?subject-logo=
> > about:security?
> > about:security?banner-mixed
> > about:security?banner-insecure
> > about:security?banner-secure
> > about:security?banner-payment
> > mocha:
> > javascript:
> > livescript:
> > view-source:
> >
> > I haven't been able to get the sound file from about:hype to play yet.
> > It looks like an .snd file though. Anyone know what the "mocha"
> > interpreter does?
> >
> > Steve Neruda Steve_Neruda@Nationwide.Com
> > Senior Internet Consultant The Internet Technologies Group
> >
> > ...simpler living through complexity...
> >
> > --
> > Steve Neruda Steve_Neruda@Nationwide.Com
> > Senior Internet Consultant The Internet Technologies Group
> >
> > "...you wouldn't want to OD on IP..."
> > [Joe Oak in response to Micro$oft$ plan to limit number
> > of IP sessions in their products]
>
