[3863] in WWW Security List Archive
Re: Netscape eggs
daemon@ATHENA.MIT.EDU (Sheen Yap)
Fri Dec 20 13:26:48 1996
From: "Sheen Yap" <syap@magna.com.au>
To: "www-security@ns2.rutgers.edu" <www-security@ns2.rutgers.edu>
Date: Sat, 21 Dec 96 03:20:20
Reply-To: "Sheen Yap" <syap@magna.com.au>
Errors-To: owner-www-security@ns2.rutgers.edu
Try these, not sure if it works on all versions:
ctrl-alt-t for connection info
ctrl-alt-f for the amazing fish cam
Cheers
Sheen
On Thu, 19 Dec 96 22:36:13 CST, Robert Bell wrote:
>
>At a minimum, the mocha: egg appears to be a calculator, by
>simply enter a URL as eg. mocha:2*3 or mocha:2/3 or the
>command line generated by the egg mocha: can be used to enter
>the string to calculate the value of. It's a simple JAVA
>calculator. Neat, huh !
>
>Regards
>Robert Bell
>rabell@ti.com
>
>
>> Steve Neruda wrote:
>> >
>> > >
>> > > The hack is harmless.
>> > >
>> > > There are a number of other easter eggs in the program. None of them are
>> > > harmful. What eggs work and what do not depend on version and platform.
>> > > (There is at least one that is Mac specific. There are a couple of X
>> > > specific. I do not know of any PC specific ones.)
>> >
>> > For the most part I agree with the above statement. However the habit
>> > of putting in hidden features is sometimes the same habit of putting in
>> > a "engineering back door" to help speed development. These back doors
>> > often become a security hole (remember the good old days of wizard
>> > passwords in sendmail).
>> >
>> > I'm not implying that netscape has backdoors, only that developers need
>> > to be careful of what they add. Netscape uses about: for many internal
>> > functions as well. Here are some that work with 3.0 under Unix
>> >
>> > about:plugins
>> > about:document
>> > about:license
>> > about:cache
>> > about:global
>> > about:image-cache
>> > about:memory-cache
>> > about:security
>> > about:hype
>> > about:blank
>> > about:Mozilla
>> > about:security
>> > about:security?subject-logo=
>> > about:security?
>> > about:security?banner-mixed
>> > about:security?banner-insecure
>> > about:security?banner-secure
>> > about:security?banner-payment
>> > mocha:
>> > javascript:
>> > livescript:
>> > view-source:
>> >
>> > I haven't been able to get the sound file from about:hype to play yet.
>> > It looks like an .snd file though. Anyone know what the "mocha"
>> > interpreter does?
>> >
>> > Steve Neruda Steve_Neruda@Nationwide.Com
>> > Senior Internet Consultant The Internet Technologies Group
>> >
>> > ...simpler living through complexity...
>> >
>> > --
>> > Steve Neruda Steve_Neruda@Nationwide.Com
>> > Senior Internet Consultant The Internet Technologies Group
>> >
>> > "...you wouldn't want to OD on IP..."
>> > [Joe Oak in response to Micro$oft$ plan to limit number
>> > of IP sessions in their products]
>>
>
>
