Re: New York Times article

• To: www-security@ns2.rutgers.edu
• Subject: Re: New York Times article
• From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif )
• Date: Fri, 13 Oct 95 10:31:26 +0100

Qutotation from the NYT Article posted (thanks) by rcq@ftp.com (Bob Quinn)

>Executives at Netscape said yesterday that they were aware of
>the security issues surrounding NFS and would make changes in
>the next release of their software, expected before the end of
>the year, to permit recipient of a downloaded program to check
>it for signs of tampering.

If one can patch the .EXE on the fly why not patch the signature, MAC, MIC
or something like that? Is the promised protection possible at all (given 
today's infrastructure).

The only thing I could Imagine is to download Navigator 2.1 throug a SSL-secured
connection with Navigator 2.1 (the rand_seed_problem does not affect this).
But this is not a general solution :-(

other opinios?

read you later  -  Holger Reif
http://remus.prakinf.tu-ilmenau.de/Reif/

• Previous: Message authentication (was Re: New York Times article)
• Next: Re: New York Times article
• Index(es):
  • Index
  • Thread