[ISN] Teen cracks Netscape browser filter

From: mea culpa (jerichoat_private)
Date: Tue Aug 18 1998 - 14:58:07 PDT


    
    Forwarded From: darek milewski <darekmat_private>
    
    
    Teen cracks Netscape browser filter
    By Paul Festa
    Staff Writer, CNET NEWS.COM
    August 18, 1998, 1:35 p.m. PT
    URL: http://www.news.com/News/Item/0,4,25403,00.html
    
    Score one for young free speech advocates in their high-tech battle
    against protective parents. 
    
    Hours after Netscape Communications debuted the 4.06 version of its
    browser with a new content filtering mechanism--provided for parents,
    teachers, and librarians who want to restrict access to "potentially
    offensive" Web sites--a teen-age developer posted what he describes as a
    simple means of bypassing the filtering feature's password controls. 
    
    Netscape's 4.06 version of its Communicator Internet software suite,
    posted yesterday, includes a content-filtering feature that the company
    had previously announced would be part of its upcoming 4.5 version of
    Communicator.  Dubbed NetWatch, the feature relies on two Internet ratings
    standards using the World Wide Web Consortium's Platform for Internet
    Content Selection (PICS). PICS lets Web sites rate their own content and
    lets Web browsers read those ratings. 
    
    Those who download the 4.06 browser can activate and change the ratings
    scheme in their preferences using a JavaScript-enabled NetWatch page. The
    bypass, posted last night, essentially trumps NetWatch by disabling
    NetWatch under the browser preferences with its own JavaScript-enabled Web
    page. 
    
    Netscape acknowledged the efficacy of the bypass approach, but said users
    would be unwise to download it because they would be granting an obscure
    developer high-risk security clearance on their computer. 
    
    "Downloading a certificate is a really big thing," said Communicator
    product manager Edith Gong. "It means you're going to trust anything he's
    going to send down to you. That's what I would consider a pretty high-risk
    operation." 
    
    Gong pointed out that many libraries and schools prevent software
    downloads of any kind, confining the bypass' threat to NetWatch to home
    users. 
    
    Communicator's security strategy for downloading JavaScripts follows what
    is known as a "trust" model, preventing those JavaScripts from carrying
    out certain operations unless a user specifically grants them permission
    and accepts a digital certificate authenticating the sender's identity and
    approving what it proposes to do. Under this model, users are considered
    likely to accept certificates from known entities such as Netscape, and
    not accept certificates from unknown entities like Brian Ristuccia, who
    created the bypass. 
    
    Ristuccia, a computer science student at the University of Massachusetts
    at Lowell and an employee of Bay Networks, said his programming efforts
    are motivated by free-speech concerns. 
    
    "Freedom of speech is something thousands have fought and died for," 
    Ristuccia wrote in an email message. "It would be shameful to see
    something as simple as a censorware password suspend this inalienable
    human right." 
    
    Gong said Netscape's intention in offering NetWatch was to protect younger
    children from inappropriate Web content. She acknowledged that determined
    Web users would be able to find their way around content controls, whether
    that meant downloading a new browser or finding more technologically
    sophisticated methods.  --
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
    


