Re: Security hole in Netscape 2.0
from: Edupage, 7 March 1996
NEW NETSCAPE NAVIGATOR BUGS DISCOVERED
Two researchers at the Open Software Foundation have discovered a couple of
flaws in Netscape's latest version of its popular Navigator Web-browsing
software, and have received $1,000 each from Netscape for their trouble.
One flaw takes advantage of various loopholes in Netscape's JavaScript
control language, that could allow a Web site to peruse the hard disk drive
of a user browsing the site. Operators of the Web site could discover the
names of files, but not read the contents. The other bug allows a Web site
to force a user's machine to send an e-mail message to another computer,
violating the privacy of users who wish to keep their e-mail addresses to
themselves. Netscape will issue a new version, Navigator 2.01, next week.
(San Jose Mercury News 5 Mar 96)
Edupage is written by John Gehl (gehl _at__ educom.edu) & Suzanne Douglas
(douglas _at__ educom.edu). Voice: 404-371-1853, Fax: 404-371-8057.
Technical support is provided by the Office of Information Technology,
University of North Carolina at Chapel Hill.
> ------- Forwarded Message Follows -------
> In tuhh.www, Sebastian Zimmermann <S.Zimmermann _at__ tu-harburg.d400.de>
> wrote:
>
> Hello!
> In connection with Netscape 2.0 I received the following warning:
> --------------------------------------------------------------------
> From: cip230 _at__ cip.physik.uni-wuerzburg.de (Stefan Keller)
> Newsgroups: de.org.ccc
> Subject: Javascript mails in your name
> Date: 3 Mar 1996 19:28:13 GMT
> Organization: CipPool der Physikalischen Institute, Uni Wuerzburg
> Lines: 25
> Message-ID: <4hcrsd$5c1 _at__ winx03.informatik.uni-wuerzburg.de>
> NNTP-Posting-Host: wpax10.physik.uni-wuerzburg.de
>
> Hello...
>
> Have a look at
> http://cip.physik.uni-wuerzburg.de/~cip230/nettest.html
>
> If the page is viewed with Netscape 2.0, a Javascript
> automatically (i.e. WITHOUT your consent) sends an email
> (from your account, with your name)
> to the address set in the script (currently to me; on the
> American page where I found it, a protest mail went out to
> Netscape instead..)
>
> Regards,
>
> Stefan
>
>
> I copied the script from somewhere in .edu land.
> ---------------------------------------------------------------------
> Ciao
> Sebastian
>
>
>
----------------------------------------------------------------
Jens Bleuel <bleuel _at__ pobox.com> URL: http://pobox.com/~bleuel
----------------------------------------------------------------
List information at http://www.inetbib.de.