[8631] in bugtraq
Re: Netscape Communicator 4.5 can read local files
daemon@ATHENA.MIT.EDU (Ben Collins)
Wed Nov 25 13:22:14 1998
Mail-Followup-To: Ryan Russell <Ryan.Russell@SYBASE.COM>, BUGTRAQ@netspace.org
Date: Wed, 25 Nov 1998 12:48:32 -0500
Reply-To: Ben Collins <bmc@VISI.NET>
From: Ben Collins <bmc@VISI.NET>
X-To: Ryan Russell <Ryan.Russell@SYBASE.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <882566C7.001826B1.00@gwwest.sybase.com>; from Ryan Russell on
Tue, Nov 24, 1998 at 08:23:25PM -0800
--FL5UXtIhxfXey3p5
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
I would just like to say that I find it hard to believe so much fuss has
been made about this. It is clear that this is only a local 'trick' to
look like it has gotten info. There used to be earlier versions of this
where ppl would make a link to file:///C|/ and say they had your hardrive
contents on their webpage, and now that java/javascript is involved
everyone is freaking out over the same thing just done a litte more
elaborately.
If some one here can setup a webpage, send me the URL, have that page read
the file '/test.txt' from my hardrive and then that person send the
contents to this list, I will believe. Otherwise I think this whole
hysteria over 'unforseen' dangers should stop.
--=20
----- -- - -------- --------- ---- ------- ----- - - --- --------
Ben Collins <b.m.collins@larc.nasa.gov> Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc. bcollins@debian.org
------ -- ----- - - ------- ------- -- The Choice of the GNU Generation
--FL5UXtIhxfXey3p5
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
iQCVAwUBNlxC7yo9WkFm9rsJAQF3eQQAqq5VtJa0/jIId1ZsaeRlgrTOc4F2s84D
/sfNRmmUvEHw/mLGzIMZ2q4bMbtdMAFrqkkFtNg8mNx82/7hccIMnQLg6ZX4/uBF
i0h9WbNA8Ie9E1KNcrs8nJ0mU5cG4OBrXI5AF1/oB4tniEcB+D2tJIdhTqMWsUeS
TlSwPPz2Wlo=
=wqJI
-----END PGP SIGNATURE-----
--FL5UXtIhxfXey3p5--
