Interesting People mailing list archives
IP: Re: Holes in the Web
From: David Farber <farber () central cis upenn edu>
Date: Fri, 29 Sep 1995 12:10:07 -0400
Date: Thu, 28 Sep 1995 21:29:14 -0400
From: "Joseph M. Reagle Jr." <reagle () rpcp mit edu>
Subject: Re: IP: Holes in the Web
Dave -- I was surprised to see that this latest security problem was discovered by one of our students at UMBC -- and an undergrad at that!
RaaRaa UMBC! <smile> (My undergrad institution, been following this there too, Dr. Finin was the chair of CS when I was there..)
Although an exploit hasn't been produced yet, personally I have been able to modify the PC register on my machine using a special URL. All that's needed is to add some assembly code, and arbitrary instructions can be executed on anyone's browser that executes that URL.
Buffer-overflows can be very nasty things. At first I saw that it crashed the browsers and there was a lot of hype about a third hole in Netscape, but it wasn't even touted as a huge security bug at first since it was unclear if one could do anything more than crash someone else's machines and it was in many browsers. It'd be neat if they could plant a command on someone's PC though... (Buffer overflow was one of the most effective tricks (on finger) of the Morris worm...)
However, this gets back to an interesting point regarding security... The three breaks occurred at 3 relatively different places in the scheme of security things. The first was a brute hack on the keyspace, very crypto orientated. The second attack was on the poor implementation of random number seed, very protocol-implementation orientated. The third was an attack on faulty error recovery, very OS/app orientated. It shows the range at which one must be paranoid to avoid holes, and how terribly difficult it is.
-------------------------
Regards,
Joseph M. Reagle Jr.
http://farnsworth.mit.edu/~reagle/home.html
reagle () mit edu
0C 69 D4 E8 F2 70 24 33 B4 5E 5E EC 35 E6 FB 88