[3886] in WWW Security List Archive
Re: Netscape eggs
daemon@ATHENA.MIT.EDU (laweb)
Sun Dec 22 17:45:14 1996
Date: Sun, 22 Dec 1996 13:03:45 -0800
To: www-security@ns2.rutgers.edu
From: laweb@gyw.com (laweb)
Errors-To: owner-www-security@ns2.rutgers.edu
This is one of those cases where education of users is called for.
With "about:cache" or without it, cache files are accessible to those who
want to see them.
User have to be educated that their cache consists of files which are
viewable by others. Then if they have privacy concerns, they know to erase
them.
Having "about:cache" as a convenience can serve as an educational tool for
users.
Some "bugs" just aren't better fixed.
>On Fri, 20 Dec 1996 htorgema@novice.uwaterloo.ca wrote:
>
>> Anyway, I doubt anyone find a way to compromise the security of a
>> client with such things...
>
>I've been collecting the "eggs" that have been posted for easy reference
>through my web-page. I should have things together by the start of next
>week and I'll post the URL up then.
>
>In doing so, I've been thinking about a client side issue. All of the
>eggs are mostly harmless and serve more as debugging tools or "parlor
>tricks" for users/developers.
>
>But, working as a consultant here at SU, and understanding privacy issues
>in a multiuser environment, eggs like about:cache reveal A LOT about the
>last user's interests.
>
>I understand that there are many other ways of obtaining this information
>(RAW peaks at the cache directory, bookmarks etc) but it is an issue,
>particulalry when a user can essentially re-play the previous users
>browsing
>
>Just a thought...
>
>Tim
Troy Korjuslommi
Technical Director/Webmaster
ALLIANCE STUDIO [WEST]
ph. (310) 458-0884
e. laweb@gyw.com
w3. http://gyw.com/alliance/
******************* selected fortunes I ***************************
The primary cause of failure in electrical appliances is an expired
warranty. Often, you can get an appliance running again simply by
changing the warranty expiration date with a 15/64-inch felt-tipped
marker.
-- Dave Barry, "The Taming of the Screw"
******************* selected fortunes II **************************
"Whenever you sacrifice freedom for security, you get neither."
-- Benjamin Franklin
