OFFICIAL DOMINOPOWER SECURITY ALERT
Netscape Communicator 4.5 security alert
By David Gewirtz

Dave Winer originally brought the following information to light on his Scripting News site (located at http://www.scripting.com). What follows is based on Dave's original postings and his follow-up interview with Ramanathan Guha, lead developer of Netscape's What's Related feature. The editorial staff here at DominoPower considers this information so serious that it warrants an Official DominoPower Security Alert.

Winer originally believed that, when you used Communicator 4.5, it was sending every URL you visited back to Netscape's servers. This was later clarified, and in fact is not happening. But what is happening is of serious concern.

Netscape Communicator 4.5 introduces a feature called What's Related. If you're running Communicator and click the What's Related button, shown in Figure A, Netscape will attempt to provide you with a list of related sites. This behavior does not concern us. What happens next does.

FIGURE A

Nothing happens until you click What's Related. When you do, the next three URLs are sent to Netscape.

According to Winer's report on his discussions with Guha, for the next three sites you visit, regardless of whether they're ones suggested by What's Related, Communicator 4.5 sends the URLs back to Netscape's database. You can control some of how this happens by setting the Smart Browsing options in the Netscape Preferences dialog, as shown in Figure B.

FIGURE B

You can exercise some control over how the What's Related function operates by setting the appropriate preferences.

Corporate security and liability concerns
There are both corporate security concerns and moral concerns here. Let's assume that after accessing What's Related, you next attempt to access a page within your corporate network. That URL is also transmitted to Netscape. Or you want to log into an outside discussion forum (one that embeds access information into the URL). That URL is also sent to Netscape. Or, let's assume you have a life, and you want to go to some site that others might not approve of. Netscape would know whether it's a porn site, a sports site, something about a medical condition, something that might give away your sexual preferences, or something that implies you might have an unhealthy interest in Beanie Baby collecting. Whatever it is, that information would be sent back to Netscape.

Frankly, we are somewhat less concerned about this "feature" of Communicator 4.5 when accessing data on Domino-operated sites since Domino has considerable access control and the URLs are not easily subject to disassembly. But we are concerned for your corporate citizens' rights and for your company liability.
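The two corporate exposure cases described above (intranet pages and URLs that embed access information) can be checked for in a list of visited URLs. The following is an added example, not code from the original article or from Netscape; the query parameter names, the internal DNS suffixes and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

# Assumed names of query parameters that commonly carry access information.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "sessionid", "sid", "auth", "key"}
# Assumed internal DNS suffixes; replace with your organization's own.
INTERNAL_SUFFIXES = (".corp.example", ".internal", ".local")

def is_internal_host(host):
    """True for private/loopback IPs, single-label names and internal suffixes."""
    if not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        pass  # not an IP literal, treat it as a DNS name
    host = host.lower().rstrip(".")
    return "." not in host or host.endswith(INTERNAL_SUFFIXES)

def exposure(url):
    """Return the reasons a URL would be sensitive if sent to a third party."""
    parts = urlsplit(url)
    reasons = []
    if is_internal_host(parts.hostname):
        reasons.append("internal-host")
    if parts.username or parts.password:
        reasons.append("userinfo-credentials")
    names = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    if names & SENSITIVE_PARAMS:
        reasons.append("access-info-in-query")
    return reasons

def audit(urls):
    """Map each URL that has at least one exposure reason to its reasons."""
    return {u: r for u in urls if (r := exposure(u))}

# Constructed sample browsing history (not real sites).
SAMPLE = [
    "http://www.example.com/news/index.html",
    "http://intranet/hr/salaries.nsf",
    "http://10.1.2.3/build/status",
    "http://forum.example.org/read?thread=42&sid=abc123",
    "http://alice:secret@files.example.net/reports/",
]

if __name__ == "__main__":
    for url, reasons in audit(SAMPLE).items():
        print(url, "->", ", ".join(reasons))
```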





Copyright © 1998-2008, ZATZ Publishing. All rights reserved worldwide.