This flaw does not represent a threat to encrypted transactions; rather it
is a security hole through which a miscreant (love that word) could cause
the execution of an arbitrary program, script, or command on a client
machine. (Rather like the mail-attachment, right-button boo-boo in Windows 95/
MSN that Microsoft has been dismissing a lot of late.)
>> mailto: hyperlinks containing extra-long domain names
>> seem to be handled comparatively safely in both Netscape and Mosaic.
>> (Perhaps they just have longer buffers ? ;)
> My guess is, Netscape doesn't do any processing on the
> mailto: hyperlink at all, but merely passes it to a real mail delivery
> agent like Sendmail (or it uses MAPI under Win'95). Which begs
> the question, if Netscape is executing an external delivery agent,
> there may be the possibility of sneaking an attack in there and getting
> the shell to execute something.
>
> Hmm, let me try something . . .
>
> WOW!! Unbelievable! Stop the presses! I can't believe no one ever
> discovered this before! Try a page with the following URL
>
> <a href="mailto:blah at foo dot com|xterm&"> test </a>
>
> Muahaha! Yet another security hole! Clicking on this mailto brings up
> an xterm on my machine! Simply change the xterm& to "rm -rf /" and
> bingo!
>
> Sheesh. I better stop before I am on Netscape's most hated list.
The "Muahaha" lends a nice tone. Obviously this correspondent has not
seen <http://www.c2.org/hacknetscape/>, a contest sponsored by Berkeley
ISP Community Connexion (with web site and prize tee shirt designed by
Eye Candy). The tee shirt is to die for. Thanks to bill@atria.com for
this one:
> Hack Netscape and win a T-shirt! Yes, expose security flaws in the
> most widely used commercial WWW software and you too can have your
> very own limited edition T-shirt, awarded only to people who have
> exposed security holes in Netscape internet products or managed
> widely publicized Netscape cracking events.
When I learn the identity of the two anonymous correspondents above I'll
let you know.
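Added example (not from the original newsletter and not Netscape's code): if a browser does hand the mailto: address to an external delivery agent, as the correspondent guesses, the defensive pattern is to validate the address and exec the agent directly rather than through a shell. The function names, the agent path /usr/sbin/sendmail and the address allowlist are assumptions made for illustration.

```c
/* Added example, not Netscape code: pass a mailto: address to an
 * external delivery agent without letting a shell interpret it. */
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed agent path; the message text is expected on the agent's stdin. */
#define MAIL_AGENT "/usr/sbin/sendmail"

/* Copy the address out of a mailto: URL. Returns 0 on success, -1 if the
 * URL is anything other than a conservative local@domain form. */
int mailto_address(const char *url, char *out, size_t outlen)
{
    static const char scheme[] = "mailto:";
    const char *p, *addr;
    int at = 0;

    if (strncmp(url, scheme, sizeof scheme - 1) != 0)
        return -1;
    addr = url + sizeof scheme - 1;
    if (*addr == '\0' || *addr == '-' || strlen(addr) >= outlen)
        return -1;                /* empty, option-like, or too long */
    for (p = addr; *p; p++) {
        if (*p == '@') { at++; continue; }
        /* Allowlist: |, &, ;, quotes, spaces, backticks and $ are rejected. */
        if (!isalnum((unsigned char)*p) && !strchr("._+-", *p))
            return -1;
    }
    if (at != 1 || addr[0] == '@' || p[-1] == '@')
        return -1;
    memcpy(out, addr, strlen(addr) + 1);
    return 0;
}

/* Run the agent with the validated address as a single argv element.
 * No shell is started, so the address is never parsed as a command line. */
int deliver_to(const char *addr)
{
    char *argv[] = { (char *)MAIL_AGENT, (char *)addr, NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0) return -1;
    if (pid == 0) { execv(MAIL_AGENT, argv); _exit(127); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The length check in mailto_address also bounds the extra-long domain names mentioned in the first quoted message.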
Emendation:
Sounds so much nicer than "correction," don't you think? Karyn German,
TIA product manager at Cyberspace Development, wrote to correct a
misimpression from my List Hijacking piece in TBTF for 1995-09-24 (see
<1995-09-24.html>). The Majordomo mailing list at CyberDev has never
been open to posting by outsiders --
so my posited evil marketing genius could steal the list, but could not
make CyberDev pay for his use of it. Majordomo in fact offers a number
of such security knobs, as I assume the other list servers do. My point
was that Net oldtimers may not have been tweaking them, so far... but
they will.
The hijacker hijacked:
Karl Hakkarainen sent me a mailing originating from Atria Software,
Inc. -- in fact from just down the hall from my office. The
announcement of a seminar displayed what appeared to be Atria's entire New
England mailing list in its "To:" field. Thanks, Karl, the sender has
now been requested to use the "Bcc:" field in future.
>>From WEBster (1995-09-19):
Microport introduced the NetMark 1000 at Unix Expo. It is a complete,
out-of-the-box Web server solution including hardware, ready to plug
into a LAN and/or an Internet access provider. Based on a Pentium PC
with two Ethernet ports, an external SCSI port, and a CD-ROM drive,
the server runs Novell (soon to be SCO) UnixWare. Preinstalled are a
full suite of TCP/IP applications including news, mail, gopher, and a
Web server that seems to be based on NCSA/UIUC, as well as web authoring
tools. Prices start at $6,800. Microport is positioning the NetMark
1000 as a quick way for companies to bring up a Web presence for either
internal or external information serving. For more details see the WEBster
story at <http://www.tgc.com/websec/20454.html>. I checked the Microport
Web site, <http://www.mport.com/>, and it is remarkably content
free.
Sun, SGI, DEC, and others have been selling out-of-the-box, hardware/
software web-server solutions for some time now; Microport's offering
represents the first such that I am aware of priced significantly below
$10,000.
Software patents
See also TBTF for 2000-03-31, 1999-08-30, 06-14, 02-15, 01-26, 01-13, 1998-12-15, 08-31, 05-18, 05-11, 04-27.
>>From the Internet Patent News Service (1995-09-05):
Finally, some numbers on the growth of software patents since 1971,
courtesy of the indispensable Greg Aharonian. Total patents have risen
on a leisurely straight line, doubling in number over the past 25 years.
Software patents have been on a clear exponential uptrend. For the data
set and a graph see
<sw-patents.html>.
Greg claims that there has been no statistically significant change in
the quality and process of handling software patents since the Compton's
debacle. He says that "Knuth is digging a grave just to have something
to roll over in."
>>Edupage -- mail listproc@educom.edu without subject
> and with message: subscribe edupage <your name> .
>>WEBster -- send mail without text to 4free@webster.tgc.com .
>>Internet Patent News Service -- mail patents@world.std.com
> with message: help .