W A R N I N G: NETSCAPE SPY "BUG"

Francisco Lopez (d005734c@dc.seflin.org)
Fri, 13 Jun 1997 17:20:06 -0400 (EDT)


A AA AAAA The A-Infos News Service AA AA AA AA INFOSINFOSINFOS http://www.tao.ca/ainfos/ AAAA AAAA AAAAA AAAAA

Date: Thu, 12 Jun 1997 23:22:08 -0400 (EDT) From: Ian Goddard <igoddard@erols.com> Subject: W A R N I N G: NETSCAPE SPY "BUG"

SPREAD THIS FAR & WIDE

CNN just ran a special report revealing the existence of a so called "bug" in NETSCAPE that allows a host's system from which you download a webpage to access any file on your computer. CNN proved that this bug does exist. As CNN states:

The bug makes it possible for Web-site operators to read anything stored on the hard drive of a PC logged on to the Web site.

The host site must know what files to look for. Interesting that, in the course of my TWA 800 research, while accessing some U.S. military webpages that once existed but now would no longer come in, the small icons on the lower right hand side of my screen would indicate that quite a lot of data was being uploaded to the host server. The lights would go from the icon representing my computer to the host computer for almost a minute, the opposite of the normal download light sequencing. My hard drive would also be activated during this time. Gee whiz... ?? Such as this military URL on CEC: http://130.163.113.252/cec_eng.htm Probably there's another explanation for the reverse sequence, but in light of this report, it's worth pondering.

I find it rather strange that there would be a "bug" that just happens to perform such an underhanded function. Is not a "bug" defined as something that prevents, not facilitates, a function? Something that would allow me to target and acquire a file on a remote computer would seem to be a function. It would therefore seem that this function cannot be defined as a "bug." If the host can target a given file, this is not a bug but a secret program in the program.

I further suspect that the host could enter a command to find all files that are for example twa*.* and thus all I further suspect that the host could enter a command to find all files that are for example twa*.* and thus all files with "twa" at the beginning would be lifted off one's system. I wonder what other convenient "bugs" might lurk inside the rat-fink NETSCAPE program.

I wonder if this is not grounds for a class-action law suit, if it could be proven that the "bug" is no accident. That it just happens to be in all versions of Netscape including their latest version released yesterday is a little hard to dismiss as error. I'm sure any qualified programmer could determine if it is by error or design. It could be a means by which to steal the source codes of programers that they develop, where the thief has a clue about possible file names for those codes.

NETSCAPE BUG: http://cnnfn.com/digitaljam/9706/12/netscape_pkg/ *********************************************************************** IAN GODDARD (igoddard@erols.com) Q U E S T I O N A U T H O R I T Y ----------------------------------------------------------------------- VISIT Ian Williams Goddard ------> http://www.erols.com/igoddard _______________________________________________________________________

TWA 800: THE FACTS --> http://www.erols.com/igoddard/twa-fact.htm

OKC BOMBING ---> http://www.erols.com/igoddard/prior.htm

****** A-Infos News Service ***** News about and of interest to anarchists

Subscribe -> email MAJORDOMO@TAO.CA with the message SUBSCRIBE A-INFOS Info -> http://www.tao.ca/ainfos/ Reproduce -> please include this section