[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fwd: Resent mail....]Da`nh cho ca'c ba'c du`ng netscape navigator

This is a multi-part message in MIME format.
--------------DFC36CD326EAB5095B701F71
Content-Type: text/plain; charset=us-ascii
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

     Ba'c na`o quan ta^m dde^'n chi tie^'t xin mo+`i to+'i
      http://cnnfn.com/digitaljam/9706/12/netscape_pkg/
      http://www8.zdnet.com/pcmag/news/trends/t970612b.htm

     Hu`ng

--------------DFC36CD326EAB5095B701F71
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Return-Path: <owner-bugtraq@NETSPACE.ORG>
Received: from brimstone.netspace.org ([128.148.157.143]) by hanoi.vnd.net
          (Post.Office MTA v3.0 release 0122 ID# 0-0U10L2S100) with ESMTP
          id AAA260 for <dhung@HANOI.VND.NET>;
          Fri, 13 Jun 1997 14:06:43 +0700
Received: from netspace.org ([128.148.157.6]) by brimstone.netspace.org with ESMTP id <32775-17198>; Fri, 13 Jun 1997 01:33:51 -0400
Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release 1.8c) with
          spool id 4177396 for BUGTRAQ@NETSPACE.ORG; Fri, 13 Jun 1997 01:31:01
          -0400
Received: from brimstone.netspace.org (brimstone [128.148.157.143]) by
          netspace.org (8.8.5/8.8.2) with ESMTP id BAA13571 for
          <BUGTRAQ@netspace.org>; Fri, 13 Jun 1997 01:30:52 -0400
Received: from netspace.org ([128.148.157.6]) by brimstone.netspace.org with
          ESMTP id <32775-17198>; Fri, 13 Jun 1997 01:30:45 -0400
Approved-By: aleph1@UNDERGROUND.ORG
Received: from dfw.dfw.net (aleph1@dfw.dfw.net [198.175.15.10]) by netspace.org
          (8.8.5/8.8.2) with SMTP id BAA10495 for <bugtraq@netspace.org>; Fri,
          13 Jun 1997 01:05:51 -0400
Received: from localhost by  dfw.dfw.net (4.1/SMI-4.1) id AA10357; Fri, 13 Jun
          97 00:07:18 CDT
X-Received: from pdx1.world.net by  dfw.dfw.net (4.1/SMI-4.1) id AA19791; Thu,
            12 Jun 97 21:56:53 CDT
X-Received: from suburbia.net (suburbia.net [198.142.2.24]) by pdx1.world.net
            (8.7.5/8.7.3) with ESMTP id TAA29279; Thu, 12 Jun 1997 19:56:57
            -0700 (PDT)
X-Received: (from list@localhost) by suburbia.net (8.8.4/8.8.4) id MAA11891;
            Fri, 13 Jun 1997 12:48:05 +1000 (EST)
X-Received: (from proff@localhost) by suburbia.net (8.8.4/8.8.4) id LAA22587
            for best-of-security@suburbia.net; Fri, 13 Jun 1997 11:24:21 +1000
            (EST)
Resent-Subject: Resent mail....
Message-ID: <Pine.SUN.3.94.970613000708.10197B@dfw.dfw.net>
Date: 	Fri, 13 Jun 1997 00:07:08 -0500
Reply-To: Aleph One <aleph1@DFW.NET>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
Comments:     Resent-From: Aleph One <aleph1@dfw.net>
Comments:     Originally-From: Julian Assange <proff@suburbia.net>
From: 	Aleph One <aleph1@DFW.NET>
Subject:      Resent mail....
To: 	BUGTRAQ@NETSPACE.ORG

   Netscape NEW YORK (CNNfn) - A serious new flaw that affects all
   versions of Netscape Communications Corp.'s popular Navigator Internet
   browser software -- including the final test version of its
   Communicator Suite released Wednesday -- has been uncovered by a
   Danish software firm, CNNfn has learned.

   The bug was reported by Cabocomm, a software company located about 100
   miles west of Copenhagen, Denmark. The bug makes it possible for
   Web-site operators to read anything stored on the hard drive of a PC
   logged on to the Web site.

   After the firm reported the bug to CNN Financial News, CNNfn and PC
   Magazine tested the bug by creating and storing a document on a PC's
   hard drive in New York. Seconds later, the Danish company read it.

   As further proof, CNNfn and PC Magazine created another document which
   the Danish company was also able to read.

   Larry Seltzer, technical director of PC Labs, was among those who
   helped verify the bug report. He said it would take a somewhat savvy
   computer user to exploit the bug.

   "They have to be seeking information from your system and they also
   have to know the file name. It's not that hard for somebody who's
   looking to make trouble, but they do have to be looking for it,"
   Seltzer said.

   "It's serious in that it's in the [actual] browser ...whereas previous
   bugs generally required the user to have downloaded an additional
   product," Jim Wise, UNIX administrator for CNNfn, said.

   CNNfn's test showed that Internet security firewalls offer no
   protection from the bug.

   Mike Homer, vice president of marketing for Netscape, said the company
   takes this and all bug reports seriously. (83K WAV) or (83K AIFF)

   The Danish company says the reward of $1,000 and a T-shirt is
   "insultingly low" considering the extent to which the bug report is
   likely to worry Netscape users.

   Cabocomm said it would accept "reasonable compensation" for the
   technical information -- or they can send a Netscape representative to
   Cabocomm and get it for free.

   CNNfn, PC Magazine and the Danish company will not release technical
   details on the bug until Netscape has prepared a bug fix.

   The reason CNNfn is not reporting the specifics of the bug is to avoid
   anyone exploiting it.

   Until the bug is fixed, confidential letters, business spreadsheets --
   everything on your PC -- can potentially be pilfered.

   The Danish company says it won't exploit the bug, but has no idea if
   someone else has found the same bug and is compromising a system's
   integrity.


--------------DFC36CD326EAB5095B701F71--