Brown Orifice Vulnerability

Home > Community > The Vendio Round Table > Brown Orifice Vulnerability

<< previous topic

post new topic

post reply

next topic >>

This topic is 3 pages long: 1 2 3

Community Guidelines

pareau	posted on September 11, 2000 05:33:01 PM Quit snickering, this is serious. NEW SECURITY GAP FOUND IN NETSCAPE'S BROWSER If you use the Netscape Web browser ("Communicator" ), you need to be aware that a Web site you visit can use Java programming to make your PC act like a Web server, displaying a directory listing of the files on your hard disk, and providing access to them. The flaw (called Brown Orifice Vulnerability) is not a major problem, because you must access a Web page deliberately designed with the malicious code, and that's not very likely. As of the date I'm writing this, Netscape was investigating the problem and planning to make a patch available, but if you use Netscape's browser and don't want to take any chances, you can protect yourself in the meantime by turning off Java. The company's Web site addresses how to do that, as well as other security issues that affect Communicator: http://home.netscape.com/security/notes/index.html from Henri Delger of Tipworld, Sept. 7, 2000 Yet another reason to turn off Java.
cariad	posted on September 11, 2000 05:41:03 PM In other words...... CYA??????? cariad Noah's last words: "damn woodpeckers"
barrybarris	posted on September 11, 2000 05:53:19 PM Pareau, The title "Brown Orifice Vulnerability" had me worried. Then I read it is only a computer problem, what a relief... Barry (I thought I might need a doctor appointment) Barris
ShellyHerr	posted on September 11, 2000 05:58:02 PM [ edited by ShellyHerr on Sep 27, 2000 06:08 PM ]
pareau	posted on September 11, 2000 06:21:04 PM No, Shelly, did not want to bug you. Wanted to make sure you were okay. Glad you are. For future reference, you might appreciate knowing that emails from one [email protected] to another are headerless, like PMs. No IP disclosure. It was tested during a discussion in the MC among people who never miss an opportunity to show one another up, and they concurred on their findings. They also agreed that this could change in the future, if AW reconfigured their SW in some respect, but that's how it is now. Which probably has as much meaning as a Communicator security warning to someone who doesn't use Netscape, but what the hay, my sapphire self is feeling helpy tonight. - Pareau
rawbunzel	posted on September 11, 2000 07:59:31 PM Pareau, Thank you for the warning. I always use Netscape and have always felt smug as it seemed IE5 had all the problems! Wrong I guess! ShellyHerr-I think -think - I know what Pareau was alluding to when the thread with your name was started. I could be wrong [and probably am] but if you want my take on it you can email me at my auctionwatch email and I will be happy to tell you what I think it meant.
ShellyHerr	posted on September 11, 2000 08:17:27 PM rawbunzel-can you recieve email to your auctionwatch email from any email, or does it have to be from another auctionwatch email address? was that a confusing ? or what?
ShellyHerr	posted on September 11, 2000 08:22:04 PM pareau sure ok, whatever, like I am supposed to know what PM 's mean? Ok I get the SW -SOFTWARE, why does everything you say really really ..... ok I won't go over any CG lines ya little sapphire
rawbunzel	posted on September 11, 2000 08:31:09 PM Shelly, I can get mail from everywhere!It is just that if you use it user to user then there are no headers so it is like PM [private messaging].
ShellyHerr	posted on September 11, 2000 08:38:41 PM rawbunzel-CYE
rawbunzel	posted on September 11, 2000 08:47:26 PM Shelly! Got it! Now see yours! That is my first email to that address! Glad it worked!
pareau	posted on September 11, 2000 08:53:30 PM Thanks for fielding this and doing the acronyms, rawbunzel. I may get dug out yet, with your good help. - Pareau
rawbunzel	posted on September 11, 2000 08:55:07 PM Hi Pareau! If you want to you can email me here also and then you can tell me if I am right!
ShellyHerr	posted on September 11, 2000 08:55:17 PM Rawbunzel - it worked!
ShellyHerr	posted on September 11, 2000 09:13:03 PM Hi Rawbunzel, if you want you can tell him what you said, and if its the same.... DANG !!!!! LOL! not using you as a middleperson here! LOL! but it seems like it, sorry!
pareau	posted on September 11, 2000 09:20:23 PM Rawbunzel, you're great! I will email you in a bit with my explanation, or you can email me with your thoughts, and either way, we'll get as clear as you can with me in the middle, and thanks very much for pulling this together! Are you sure you're not a sapphire emerald? - Pareau
rawbunzel	posted on September 11, 2000 09:34:07 PM <-------never been a middleman before! Pareau, I have emailed you the condensed version of my "theory". edited just because [ edited by rawbunzel on Sep 11, 2000 09:54 PM ]
barrybarris	posted on September 11, 2000 09:46:09 PM The suspense is killing me... Barry (anyone want some ice cream?) Barris
ShellyHerr	posted on September 11, 2000 09:54:25 PM yes me too, pareau? did you get her email yet? LOL rawbunzel! no ice cream Barry, but how bout a straight shot of Irish whiskey? I'd like one!
barrybarris	posted on September 11, 2000 10:25:57 PM ShellyHerr, You got it, one (or two or four) straight shots of Irish whiskey coming right up. Barry (The Unofficial Auction Watch Bartender) Barris
pareau	posted on September 11, 2000 10:28:57 PM Hi, I am back and have logged on, but no emails. I checked my preferences, and they're set to receive from "myauctionwatch.com" addresses, so I don't know why I'm not getting the mail. Two ideas: I will add you to my addressbook, rawbunzel, JIC, and mention that I am lower-case "pareau," not "Pareau" (I think it makes a difference with the mail). I sure am glad to see Shelly laughing. That's a relief! - Pareau
rawbunzel	posted on September 11, 2000 10:30:58 PM pareau, why don't you write to me and then I can just hit reply! I am sure I used lower case for your email address.
pareau	posted on September 11, 2000 10:34:08 PM Okay, rawbunzel. I will do the completely abbreviated version of my concern, and we'll go from there. Just a few minutes....
rawbunzel	posted on September 11, 2000 10:35:30 PM OK
ShellyHerr	posted on September 11, 2000 10:40:25 PM Thank you Barry 'just' a double shot'll do!
barrybarris	posted on September 11, 2000 10:41:12 PM ShellyHerr, Ready for that second shot? Barry (it's a good night to party) Barris
barrybarris	posted on September 11, 2000 10:44:13 PM ShellyHerr, We were both typing at the same time. So how about a second double shot? Barry (it's still a great night to party) Barris
ShellyHerr	posted on September 11, 2000 10:44:59 PM Gimme another shot Barry.... LOL!
barrybarris	posted on September 11, 2000 10:50:04 PM ShellyHerr, Be glad to, here you go... Barry (happy, happy, happy) Barris
pareau	posted on September 11, 2000 10:50:23 PM Barry, you ever try Calvados (applejack)? Bet you'd like it, especially since you're in apple territory. I've emailed, rawbunzel. I forgot how to abbreviate, though. Sorry.

This topic is 3 pages long: 1 2 3

Return to top of page

All times are Pacific Time

Jump to

All content © 1998-2025 Vendio all rights reserved. Vendio Services, Inc.™, Simply Powerful eCommerce, Smart Services for Smart Sellers, Buy Anywhere. Sell Anywhere. Start Here.™ and The Complete Auction Management Solution™ are trademarks of Vendio. Auction slogans and artwork are copyrights © of their respective owners. Vendio accepts no liability for the views or information presented here.

The Vendio free online store builder is easy to use and includes a free shopping cart to help you can get started in minutes!