Tom McArthur wrote:
>
> > > >4. In your CMOS setup, disable bootup from drive A:
> > > >(so a hacker can't get into the PC w/ a bootable floppy).
> > >
> > > This is a bad idea. Bootable floppy is imperative for disaster
> > recovery.
>
> If the hard drive won't boot, you can still get to the CMOS to turn
> the floppy access back on.
>
> Sorry, but I disagree about it being "a bad idea". It stops
> floppy-boot access, and it stops the transmission of boot-sector
> viruses.
>
> JMHO
>

Viruses, unfortunately, do not need floppies to propagate! Viruses can be planted by numerable methods. Even using an internet browser is subject to exposure. Read On: I do hope they are not able to "write"!

>
>> -----Original Message-----
>> From: Russ Emerson [SMTP:remerson@cisco.com]
>> Sent: Thursday, June 12, 1997 6:40 PM
>> To: infosec-trolls@cisco.com
>> Subject: Hoooooly cow.... Major Netscape bug.
>>
>> This could be all kinds of fun.
>>
>> =8^0
>>
>> ----- Begin Included Message -----
>>
>> http://cnnfn.com/digitaljam/9706/12/netscape_pkg/
>>
>> Netscape bug uncovered
>>
>> Danish software firm finds flaw that
>> could let sites see data stored on PCs
>>
>> From Correspondent Steve Young
>> June 12, 1997: 6:58 p.m. ET
>>
>> NEW YORK (CNNfn) - A serious new flaw that affects all versions of
>> Netscape Communications Corp.'s popular Navigator Internet browser
>> software -- including the final test version of its Communicator
>> Suite released Wednesday -- has been uncovered by a Danish software
>> firm, CNNfn has learned.
>>
>> The bug was reported by Cabocomm, a software company located about
>> 100 miles west of Copenhagen, Denmark. The bug makes it possible for
>> Web-site operators to read anything stored on the hard drive of a PC
>> logged on to the Web site.
>>
>> After the firm reported the bug to CNN Financial News, CNNfn and PC
>> Magazine tested the bug by creating and storing a document on a PC's
>> hard drive in New York. Seconds later, the Danish company read it.
>>
>> As further proof, CNNfn and PC Magazine created another document
>> which the Danish company was also able to read.
>>
>> Larry Seltzer, technical director of PC Labs, was among those who
>> helped verify the bug report. He said it would take a somewhat savvy
>> computer user to exploit the bug.
>>
>> "They have to be seeking information from your system and they also
>> have to know the file name. It's not that hard for somebody who's
>> looking to make trouble, but they do have to be looking for it,"
>> Seltzer said.
>>
>> "It's serious in that it's in the [actual] browser ...whereas
>> previous bugs generally required the user to have downloaded an
>> additional product," Jim Wise, UNIX administrator for CNNfn, said.
>>
>> CNNfn's test showed that Internet security firewalls offer no
>> protection from the bug.
>>
>> Mike Homer, vice president of marketing for Netscape, said the
>> company takes this and all bug reports seriously.
>>
>> The Danish company says the reward of $1,000 and a T-shirt is
>> "insultingly low" considering the extent to which the bug report is
>> likely to worry Netscape users.
>>
>> Cabocomm said it would accept "reasonable compensation" for the
>> technical information -- or they can send a Netscape representative
>> to Cabocomm and get it for free.
>>
>> CNNfn, PC Magazine and the Danish company will not release technical
>> details on the bug until Netscape has prepared a bug fix.
>>
>> The reason CNNfn is not reporting the specifics of the bug is to
>> avoid anyone exploiting it.
>>
>> Until the bug is fixed, confidential letters, business spreadsheets
>> -- everything on your PC -- can potentially be pilfered.
>>
>> The Danish company says it won't exploit the bug, but has no idea if
>> someone else has found the same bug and is compromising a system's
>> integrity.
>>
>> ----- End Included Message -----

--
Thank You.
Regards
Dave Mahadevan.. mailto:mahadevan@fuse.net

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* This is the Midrange System Mailing List!  To submit a new message, *
* send your mail to "MIDRANGE-L@midrange.com".  To unsubscribe from   *
* this list send email to MAJORDOMO@midrange.com and specify          *
* 'unsubscribe MIDRANGE-L' in the body of your message.  Questions    *
* should be directed to the list owner / operator: david@midrange.com *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].