Interesting People mailing list archives

IP: Re: Holes in the Web


From: David Farber <farber () central cis upenn edu>
Date: Fri, 29 Sep 1995 12:10:07 -0400

Date: Thu, 28 Sep 1995 21:29:14 -0400
From: "Joseph M. Reagle Jr." <reagle () rpcp mit edu>
Subject: Re: IP: Holes in the Web


Dave -- I was surprised to see that this latest security problem was
discovered by one of our students at UMBC -- and an undergrad at that!


        RaaRaa UMBC! <smile> (My undergrad institution; I've been following this
there too. Dr. Finin was the chair of CS when I was there.)


 Although an exploit hasn't been produced yet, personally I have been
able to modify the PC register on my machine using a special URL. All
that's needed is to add some assembly code, and arbitrary instructions
can be executed on anyone's browser that executes that URL.


        Buffer overflows can be very nasty things.  At first I saw that it
crashed the browsers and there was a lot of hype about a third hole in
Netscape, but it wasn't even touted as a huge security bug at first, since it
was unclear if one could do anything more than crash someone else's machine
and it was in many browsers.  It'd be neat if they could plant a command on
someone's PC though... (Buffer overflow was one of the most effective tricks
(on finger) of the Morris worm...)  However, this gets back to an
interesting point regarding security... The three breaks occurred at three
relatively different places in the scheme of security things.  The first was
a brute hack on the keyspace, very crypto orientated.  The second attack was
on the poor implementation of the random number seed, very
protocol-implementation orientated.  The third was an attack on faulty error
recovery, very OS/app orientated.  It shows the range over which one must be
paranoid to avoid holes, and how terribly difficult it is.


-------------------------
Regards,
Joseph M. Reagle Jr.     http://farnsworth.mit.edu/~reagle/home.html
reagle () mit edu           0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88
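The bug class the thread describes (a browser copying an overlong URL into a fixed-size buffer, so that a crafted URL can reach the saved program counter) comes down to one missing length check. The following is an added illustration, not code from Netscape or from anyone in the thread; the function names, the `HOST_MAX` size and the sample URLs are all constructed for it. It places the faulty copy beside a hardened version that rejects input which would not fit.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size destination, standing in for the browser's
 * internal buffer for the host part of a URL. */
#define HOST_MAX 32

/* The pattern at fault: the host component is copied on the assumption
 * that it fits. A host longer than HOST_MAX-1 bytes writes past `host`
 * into whatever sits above it on the stack, which is how a special URL
 * can end up overwriting the saved PC. Never call this with untrusted
 * input; it is here only to show the defect next to the fix. */
void parse_host_unsafe(const char *url, char *host /* HOST_MAX bytes */)
{
    const char *start = strstr(url, "://");
    start = start ? start + 3 : url;
    size_t len = strcspn(start, "/");
    memcpy(host, start, len);   /* no bound check on len */
    host[len] = '\0';
}

/* Hardened form: the caller passes the buffer size, the length is checked
 * before the copy, and an overlong host is rejected outright rather than
 * silently truncated (truncation would hide the problem from the user). */
bool parse_host_safe(const char *url, char *host, size_t host_sz)
{
    const char *start = strstr(url, "://");
    start = start ? start + 3 : url;
    size_t len = strcspn(start, "/");
    if (len >= host_sz)          /* no room for host plus terminator */
        return false;
    memcpy(host, start, len);
    host[len] = '\0';
    return true;
}

/* Returns the parsed host length, or -1 when the safe parser rejects it. */
int check_url(const char *url)
{
    char host[HOST_MAX];
    return parse_host_safe(url, host, sizeof host) ? (int)strlen(host) : -1;
}

/* Constructed sample: a host of 52 bytes, well past HOST_MAX. */
const char LONG_URL[] =
    "http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/index.html";

int main(void)
{
    printf("%d\n", check_url("http://www.example.com/index.html")); /* 15 */
    printf("%d\n", check_url(LONG_URL));                            /* -1 */
    return 0;
}
```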
