× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 1997

Re: File Transfer auto sign on

  • Subject: Re: File Transfer auto sign on
  • From: Dave Mahadevan <mahadevan@xxxxxxxx>
  • Date: Fri, 20 Jun 1997 18:55:57 -0400
  • Organization: Stoner and Associates
 
Tom McArthur wrote:
> 
> > > >4. In your CMOS setup, disable bootup from drive A:
> > > >(so a hacker can't get into the PC w/ a bootable floppy).
> > > >
> > This is a bad idea.  Bootable floppy is imperative for disaster
> > recovery.
> 
> If the hard drive won't boot, you can still get to the CMOS to turn
> the floppy access back on.
> 
> Sorry, but I disagree about it being "a bad idea". It stops
> floppy-boot access, and it stops the transmission of boot-sector
> viruses.
> 
> JMHO
> 
Viruses, unfortunately, do not need floppies to propagate!  Viruses can
be planted by numerable methods.  Even using an internet browser is
subject to exposure.  Read On:  I do hope they are not able to "write"!

>
>> -----Original Message-----
>> From:        Russ Emerson [SMTP:remerson@cisco.com]
>> Sent:        Thursday, June 12, 1997 6:40 PM
>> To:  infosec-trolls@cisco.com
>> Subject:     Hoooooly cow....  Major Netscape bug.
>> 
>> This could be all kinds of fun.
>> 
>> =8^0
>> 
>> ----- Begin Included Message -----
>> 
>> http://cnnfn.com/digitaljam/9706/12/netscape_pkg/
>> 
>> Netscape bug uncovered
>> 
>> Danish software firm finds flaw that
>> could let sites see data stored on PCs
>> 
>> >From Correspondent Steve Young
>> June 12, 1997: 6:58 p.m. ET
>> 
>> NEW YORK (CNNfn) - A serious new flaw that affects all versions of
>> Netscape 
>> Communications Corp.'s popular Navigator Internet browser software --
>> including 
>> the final test version of its Communicator Suite released Wednesday --
>> has been 
>> uncovered by a Danish software firm, CNNfn has learned.
>> 
>> The bug was reported by Cabocomm, a software company located about 100
>> miles 
>> west of Copenhagen, Denmark. The bug makes it possible for Web-site
>> operators 
>> to read anything stored on the hard drive of a PC logged on to the Web
>> site.
>> 
>> After the firm reported the bug to CNN Financial News, CNNfn and PC
>> Magazine 
>> tested the bug by creating and storing a document on a PC's hard drive
>> in New 
>> York. Seconds later, the Danish company read it.
>> 
>> As further proof, CNNfn and PC Magazine created another document which
>> the 
>> Danish company was also able to read.
>> 
>> Larry Seltzer, technical director of PC Labs, was among those who
>> helped verify 
>> the bug report. He said it would take a somewhat savvy computer user
>> to exploit 
>> the bug.
>> 
>> "They have to be seeking information from your system and they also
>> have to 
>> know the file name. It's not that hard for somebody who's looking to
>> make 
>> trouble, but they do have to be looking for it," Seltzer said.
>> 
>> "It's serious in that it's in the [actual] browser ...whereas previous
>> bugs 
>> generally required the user to have downloaded an additional product,"
>> Jim 
>> Wise, UNIX administrator for CNNfn, said.
>> 
>> CNNfn's test showed that Internet security firewalls offer no
>> protection from 
>> the bug.
>> 
>> Mike Homer, vice president of marketing for Netscape, said the company
>> takes 
>> this and all bug reports seriously. (83K WAV) or (83K AIFF)
>> 
>> The Danish company says the reward of $1,000 and a T-shirt is
>> "insultingly low" 
>> considering the extent to which the bug report is likely to worry
>> Netscape 
>> users.
>> 
>> Cabocomm said it would accept "reasonable compensation" for the
>> technical 
>> information -- or they can send a Netscape representative to Cabocomm
>> and get 
>> it for free.
>> 
>> CNNfn, PC Magazine and the Danish company will not release technical
>> details on 
>> the bug until Netscape has prepared a bug fix.
>> 
>> The reason CNNfn is not reporting the specifics of the bug is to avoid
>> anyone 
>> exploiting it.
>> 
>> Until the bug is fixed, confidential letters, business spreadsheets --
>> 
>> everything on your PC -- can potentially be pilfered.
>> 
>> The Danish company says it won't exploit the bug, but has no idea if
>> someone 
>> else has found the same bug and is compromising a system's
>> integrity.<Picture: 
>> Link to top> 
>> 
>> 
>> ----- End Included Message -----
-- 
Thank You.

Regards

Dave Mahadevan.. mailto:mahadevan@fuse.net
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* This is the Midrange System Mailing List!  To submit a new message,   *
* send your mail to "MIDRANGE-L@midrange.com".  To unsubscribe from     *
* this list send email to MAJORDOMO@midrange.com and specify            *
* 'unsubscribe MIDRANGE-L' in the body of your message.  Questions      *
* should be directed to the list owner / operator: david@midrange.com   *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.