Re: tlug: Cache cow security hole

[Scott Stone <sstone@example.com>]

On Wed, 30 Sep 1998, Jonathan Byrne wrote:

> Here's a site everybody should check out, if they haven't already seen it.
> It is possible to suck out all of Netscape's cached information, including
> credit card numbers (yup, it saves those!) without your knowing it.  Works
> on all versions of Netscape that have Javascript.  Read the whole story
> and see the CGI that does it at:
> 
> http://www.shout.net/~nothing/cache-cow/index.html
> 
> Jonathan

... And I, the Lord, sayeth unto thee that Netscape's cache is of the
Devil.  Ye cannot serve two masters.

ie, turn the cache off.  It causes more problems than it solves, unless
you have an *extremely* slow link.  Even then, the security is worth it,
IMHO.

--------------------------------------------------
Scott M. Stone <sstone@example.com, sstone@example.com>
               <sstone@example.com>
Head of TurboLinux Development/Systems Administrator
Pacific HiTech, Inc (USA) / Pacific HiTech, KK (Japan)
http://www.pht.com		http://armadillo.pht.co.jp
http://www.pht.co.jp	        http://www.turbolinux.com


---------------------------------------------------------------
Next Meeting: 10 October, 12:30 Tokyo Station Yaesu central gate
Featuring the IMASY Eng. Team on "IPv6 - The Next Generation IP"
Next Nomikai: 20 November, 19:30  Tengu TokyoEkiMae 03-3275-3691
---------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp