OFFICIAL DOMINOPOWER SECURITY ALERT
Netscape Communicator 4.5 security alert
By David Gewirtz
Dave Winer originally brought the following information to light on his Scripting News site (located at http://www.scripting.com). What follows is based on Dave's original postings and his follow-up interview with Ramanathan Guha, lead developer of Netscape's What's Related feature. The editorial staff here at DominoPower considers this information so serious that it warrants an Official DominoPower Security Alert.
Winer originally believed that, when you used Communicator 4.5, it was sending every URL you visited back to Netscape's servers. This was later clarified, and in fact is not happening. But what is happening is of serious concern.
Netscape Communicator 4.5 introduces a feature called What's Related. If you're running Communicator and click the What's Related button, shown in Figure A, Netscape will attempt to provide you with a list of related sites. This behavior does not concern us. What happens next does.
FIGURE A
Nothing happens until you click What's Related. When you do, the next three URLs are sent to Netscape.
According to Winer's report on his discussions with Guha, for the next three sites you visit, regardless of whether they're ones suggested by What's Related, Communicator 4.5 is sending the URLs back to Netscape's database. You can control some of how this happens by setting the Smart Browsing options in the Netscape Preferences dialog, as shown in Figure B.
FIGURE B
You can exercise some control over how the What's Related function operates by setting the appropriate preferences.
Corporate security and liability concerns
There are both corporate security concerns and moral concerns here. Let's assume that after accessing What's Related, you next attempt to access a page within your corporate network. That URL is also transmitted to Netscape. Or you want to log into an outside discussion forum (one that embeds access information into the URL). That URL is also sent to Netscape. Or, let's assume you have a life, and you want to go to some site that others might not approve of. Netscape would know whether it's a porn site, a sports site, something about a medical condition, something that might give away your sexual preferences, or something that implies you might have an unhealthy interest in Beanie Baby collecting. Whatever it is, that information would be sent back to Netscape.
Frankly, we are somewhat less concerned about this "feature" of Communicator 4.5 when accessing data on Domino-operated sites, since Domino has considerable access control and the URLs are not easily subject to disassembly. But we are concerned for your corporate citizens' rights and for your company's liability.