Great Circle Associates Firewalls
(January 1995)
 


Subject: Re: Web Browser-Firewall Question (fwd)
From: Brent @ GreatCircle . COM (Brent Chapman)
Date: Tue, 31 Jan 1995 17:21:36 -0500
To: Frank Wortner <frank @ prodigy . com>, "Dr. Frederick B. Cohen" <fc @ all . net>
Cc: Firewalls @ greatcircle . com

At 10:35 1/31/95, Frank Wortner wrote:
>On Monday, 30 Jan 1995, Dr. Frederick B. Cohen wrote:
>
>>       The real problem you will encounter is likely that W3 is not
>> secure.  For example, .ps files which alter internal files will pass
>> through the firewall to the W3 browser and cause internal damage.
>>
>
>The problem you describe isn't limited to W3 browsers.  In fact, *any*
>system which allows the blind invocation of programs is vulnerable.  One
>could just as well send the PostScript "nastygram" you describe through
>email.  An email user agent that "conveniently" started a PostScript
>viewer would basically defer any security policy enforcement to the
>viewer just as effectively as a W3 browser.

But W3 browsers that do this (most of them) are much more common than email
agents that do this (few of them).


-Brent

--
==  For info about the Internet Security Firewalls Tutorial and a schedule  ==
==  of upcoming dates, please send email to Tutorial-Info @ GreatCircle . COM   ==
==============================================================================
==  Brent Chapman                                 Great Circle Associates   ==
==  Brent @ GreatCircle . COM                         1057 West Dana Street     ==
==  +1 415 962 0841                               Mountain View, CA  94041  ==


