Re: [SLE] FYI- Netscape 4.4 -4.7 [Serious Java Security BUG]
Hi (un-named) "sds07",

Thanks a lot for the tip!! =`:)

Hi friends All:
____________________________________________
[++ JAVA related exploit ahead ++]

If you got a Netscape browser running you better disable/close Java till further notice...
[Or trust sites that you frequent]
(All platforms, thought??)
(does not affect _winie_??)
(does not affect _moz5/nscp6-pre2_??)

[WARN] Just: Edit/Preferences/Advanced and disable: "Enable Java"
Act ASAP. You are Warned!!

---- On Tue, 8 Aug 2000 10:06:07 -0400 sds07@health.state.ny.us wrote:
No flames, please. Just an FYI! Netscape bug... http://dailynews.yahoo.com/h/ap/20000807/tc/netscape_bug_2.html
---- No need to, just more (a lot more indeed):
____________________________________________
[INFO/TRACE of search documentation procedure performed]

** From using bottom Search box = "netscape" on
"Slashdot: News for nerds, stuff that matters"
URL: http://www.slashdot.org/

** gives:
"Slashdot: Search netscape"
URL: http://slashdot.org/search.pl?query=netscape

** And then clicking on link:
"Java Security Hole Makes Netscape Into Web Server by Hemos on Saturday August 05, @10:22PM EDT"
URL: http://slashdot.org/article.pl?sid=00/08/06/0222241&mode=thread

** gives:
"Slashdot | Java Security Hole Makes Netscape Into Web Server"
URL: http://slashdot.org/article.pl?sid=00/08/06/0222241&mode=thread

** which notes:
[Posted by Hemos (1) on Saturday August 05, @10:22PM from the big-and-bad dept.
Baldrson (2) and other folks as well write: "Dan Brumleve is at it again with Brown Orifice (3). In this episode, our fearless grey hat (4) opens a security hole in the Web's foundation that makes Napster (5) look positively tame by comparison. Be careful with this, kids.
It turns your Netscape Web browser into a Web server that can serve up your entire file system to any other Web browser."]

[clicks]
(1) "Hemos"
URL: http://hemos.net
(2) "Baldrson"
URL: mailto:jabowery@netcom.com
(3) "Brown Orifice"
URL: http://www.brumleve.com/BrownOrifice/
(4) "grey hat"
URL: http://slashdot.org/comments.pl?sid=00/07/27/1343236&cid=310
(5) "Napster"
URL: http://www.napster.com/

[clicks expanded]
(3) "Brown Orifice HTTPD Homepage"
URL: http://www.brumleve.com/BrownOrifice/

## ---- In a nutshell ----
** Test Orifice On-Line
URL: (same) http://www.brumleve.com/BrownOrifice/
** Test BOHTTPD Spy ("see a list of links to browsers currently running BOHTTPD")
URL: http://www.brumleve.com/BrownOrifice/BOHTTPD_spy.cgi
** Download ("get a copy of the Brown Orifice site and source code"):
URL: http://www.brumleve.com/BrownOrifice/BOHTTPD_download.cgi
## ---- ------------- ----

(4) "Articles: Security Through Obscurity A GOOD Thing?"
URL: http://slashdot.org/comments.pl?sid=00/07/27/1343236&cid=310
** which key notes: "Give Grey Hats the Right Incentives"
[end clicks]
____________________________________________
[COMMENTS]

I have not got time / intentions to test "Brown Orifice", hope somebody will do and post results.

Note the (4) key on:
//Dan Brumleve, the developer of DBarter (a) (which won the Hackers Conference prize for "best work in progress" last year (b)) was quite young when he discovered his first Netscape exploit Tracker (c). Netscape subsequently gave credit for finding the "Tracker" hole to a guy from Bell Labs."//, and consequences...
URL (again): http://slashdot.org/comments.pl?sid=00/07/27/1343236&cid=310

(a) See [DBarter - Financial Infrastructure for the Internet]
URL: http://www.dbarter.com/
(b) See Dan showing won prize on hand (JPG), at his page:
URL: http://www.dbarter.com/images/dan.jpg
(c) See The Tracker Bug / Security Update on Netscape as of AUGUST 4, 1997:
URL: http://home.netscape.com/security/notes/previous/tracker.html

[INMHO] It is a matter of who tries harder.

[SALT ] Or a "grain of it", as Lenz wrote on one of his numerous posts, He helping as ever:
"Yes, I totally agree. Automated updating should be taken with a grain of Salt :)"
See Lenz's post on "Re: [suse-security] SuSE security reputation, etc.." at:
URL: http://lists.suse.com/archives/suse-security/2000-Aug/0088.html

[HEAVY SALT] Fiuuu, it is available (BOHTTPD) to general public, source included, just waiting for some idiot to borrow it, enhance it, spread garbage on the Net, maybe learn some Java on the process, and who knows... Java performing. A Saga on its own.
____________________________________________
[GRINS, GRRR's and more]

Although I'm a Netscape® Communicator 4.74 128bits user, as you can see on:
Headers/All: [X-Mailer: Mozilla 4.74 [en] (Win95; U)]
(procedure if you use Netscape also).
Through which I usually post.
(3Com ADSL HomeConnect PCI 3CP3617, lack to support Linux, problem related!! GRRRR...)
Cannot use my SuSE Linux to post directly to Net through ADSL, again GRRRR......
[XzFrSk¿?)¿)?$$!$·Arrrrgghhhsh...rumble rumble]
____________________________________________
Too much for one post... (beg your pardon!!) =`8)
The War continues... No more for now.

--
HTH
Best regards,
Eduardo Carriles
[-- Better a smile than a flame --]
(Long time SuSE-Linux [preferred distro] user).
[-- Se me nota mucho? -- Notices me much?]
[-- Have a lot of fun...]