Re: tlug: Cache cow security hole

[Totoro <riley@example.com>]

On Wed, 30 Sep 1998, Darren Cook wrote:

> >Here's a site everybody should check out, if they haven't already seen it.
> >It is possible to suck out all of Netscape's cached information, including
> >credit card numbers (yup, it saves those!) without your knowing it.
> 
> Credit card numbers is a bit of an exaggeration. "about:cache" only shows
> URL's, which means it would only store form information if submitted with

According to an article in Edupage, which can be found at sunsite SUT--

http://sunsite.sut.ac.jp/edupage/Edupage-98.09.29.html

Netscape's flaw does NOT involve encrypted information, as this is not
stored in cache. I suppose if you are ordering something through a
non-secure site (not many of these are left, are there?), then there
might be a risk. So far nobody has reported such an attack, as this
flaw is still described as "hypothetical" by Netscape. Then again,
Edupage is quoting USA Today, so YMMV by a lot here.....


David Riley

Hachinohe Institute of Technology
88-1, Myo, Ohbiraki
Hachinohe-shi Aomori-ken

http://w3.clat.hi-tech.ac.jp

---------------------------------------------------------------
Next Meeting: 10 October, 12:30 Tokyo Station Yaesu central gate
Featuring the IMASY Eng. Team on "IPv6 - The Next Generation IP"
Next Nomikai: 20 November, 19:30  Tengu TokyoEkiMae 03-3275-3691
---------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp