Re: What's the deal ?

• To: www-security@ns2.rutgers.edu
• Subject: Re: What's the deal ?
• From: "Phillip M. Hallam-Baker" <hallam@dxal18.cern.ch>
• Date: Wed, 15 Feb 1995 11:30:10 +0900
• cc: hallam@dxal18.cern.ch
• In-reply-to: Your message of "Tue, 14 Feb 1995 12:53:07 PST." <Pine.BSD.3.91.950214124043.18272e-100000@get.wired.com>
• Reply-To: www-security@ns2.rutgers.edu

There was a security bug in a modified version of a browser used by a 
company as part of their software distribution system. This effectively
had the shell registered as the mime handler for the shell content type.
Go figure.

This feature was discovered by a researcher here a few days after the product 
was released and the company involved was informed. They stopped distribution 
immediately.

I agree with Brian that certification of adherence to standards would be
a usefull role for W3C, but I would not wish to be liable for security
loopholes in someone else's product. Its bad enough having one's own
code to worry about.


	Phill Hallam-Baker

• Do you know anybody top-notch in security research?
• From: " " <amir@watson.ibm.com>
• Re: What's the deal ?
• From: jern@spaceaix.jhuapl.edu

• Re: What's the deal ?
• From: Brian Behlendorf <brian@wired.com>

• Previous: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
• Next: Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
• Index(es):
  • Index
  • Thread