This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mimeat_private for more info. --------------B9C3A3605B422D08BFA0C62F Content-Type: TEXT/PLAIN; CHARSET=us-ascii Content-ID: <Pine.SUN.3.96.980818155602.17268Wat_private> Forwarded From: darek milewski <darekmat_private> Teen cracks Netscape browser filter By Paul Festa Staff Writer, CNET NEWS.COM August 18, 1998, 1:35 p.m. PT URL: http://www.news.com/News/Item/0,4,25403,00.html Score one for young free speech advocates in their high-tech battle against protective parents. Hours after Netscape Communications debuted the 4.06 version of its browser with a new content filtering mechanism--provided for parents, teachers, and librarians who want to restrict access to "potentially offensive" Web sites--a teen-age developer posted what he describes as a simple means of bypassing the filtering feature's password controls. Netscape's 4.06 version of its Communicator Internet software suite, posted yesterday, includes a content-filtering feature that the company had previously announced would be part of its upcoming 4.5 version of Communicator. Dubbed NetWatch, the feature relies on two Internet ratings standards using the World Wide Web Consortium's Platform for Internet Content Selection (PICS). PICS lets Web sites rate their own content and lets Web browsers read those ratings. Those who download the 4.06 browser can activate and change the ratings scheme in their preferences using a JavaScript-enabled NetWatch page. The bypass, posted last night, essentially trumps NetWatch by disabling NetWatch under the browser preferences with its own JavaScript-enabled Web page. Netscape acknowledged the efficacy of the bypass approach, but said users would be unwise to download it because they would be granting an obscure developer high-risk security clearance on their computer. "Downloading a certificate is a really big thing," said Communicator product manager Edith Gong. "It means you're going to trust anything he's going to send down to you. That's what I would consider a pretty high-risk operation." Gong pointed out that many libraries and schools prevent software downloads of any kind, confining the bypass' threat to NetWatch to home users. Communicator's security strategy for downloading JavaScripts follows what is known as a "trust" model, preventing those JavaScripts from carrying out certain operations unless a user specifically grants it permission and accepting a digital certificate authenticating the sender's identity and approving what it proposes to do. Under this model, users are considered likely to accept certificates from known entities such as Netscape, and not accept certificates from unknown entities like Brian Ristuccia, who created the bypass. Ristuccia, a computer science student at the University of Massachussetts at Lowell and an employee of Bay Networks, said his programming efforts are motivated by free-speech concerns. "Freedom of speech is something thousands have fought and died for," Ristuccia wrote in an email message. "It would be shameful to see something as simple as a censorware password suspend this inalienable human right." Gong said Netscape's intention in offering NetWatch was to protect younger children from inappropriate Web content. She acknowledged that determined Web users would be able to find their way around content controls, whether that meant downloading a new browser or finding more technologically sophisticated methods. -- --------------B9C3A3605B422D08BFA0C62F-- -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:01:26 PDT