With the arrival of the Web, TCP/IP united these services behind a common
protocol. Suddenly, a fabric of intercommunication was woven between
disparate on-line services; mail was free to roam. With a simple
e-mail address, you were a global presence.
Whether it was timing or luck, Netscape Communications Corporation benefited
from mass communication methods provided by mail and newsgroups.
The moment they posted their first browser to the net, a veritable flood
of feedback from users resulted. “Why doesn’t this work?”
“When will we see the next browser?” “How about if you add this feature?”
It was free advice and Netscape took it.
The value of this feedback increased enormously when electronic commerce
became viable on the Internet. Before people started sending
their credit card numbers over the Net, they wanted reasonable assurances
that no one else was going to see them. The security of the browser
is paramount. Once again, the global village of concerned citizens
proved invaluable.
It seemed to be a game -- university students around the world were
hacking on the browser to find security bugs. Once found, they’d
contact Netscape, who would hunker down and issue a quick fix. When
trade magazines would run front-page articles about the severity of the
latest bug, Netscape spin doctors proclaimed, “We’ve issued a fix.”
“Don’t worry, your data is safe.” “Thanks to so-and-so University.
We sure dig free testing.”
There was an unspoken respect between consumer and producer. Universities
find the bugs, Netscape fixes them, and issues a press release thanking
the university for its cooperation. Netscape honestly wasn’t looking
to change that balance when they created the Bugs Bounty program, offering
a grand and a T-shirt to confirmed security bug finders.
The Web’s roots in universities’ systems around the world have created
an optimistic hope that the “world” created will somehow be a better, more
democratic, less cruel environment than the one we live in. The greed
demonstrated by the Danish bug is a painful reminder that even the digital
global village suffers from the clash between the haves and the have-nots.
Last week, a
significant security flaw was found in each version of the
Netscape browser dating back to 2.0. The individual who found the
bug knew about Bugs Bounty, but decided upon malicious capitalization instead.
He demanded more cash. When Netscape balked, he went to the press and demonstrated
the bug, as he threatened
in his e-mail. Plain and simple blackmail.
For those not versed in the ways of web site administration, you should
know that web servers keep log files of accesses to web pages. For
instance, when you accessed this page, a set of data was instantly recorded
on the server that included your IP address, the page you requested, the
time and date you requested it, and, most important, the address of the
site you just came from, known as the referrer; the file that collects
these is often called the referrer log.
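The log record described above, as an added example that is not part of the original column: a short Python parser that pulls those fields out of each line and tallies external referrers and spider visits. It assumes the server writes the common "combined" log format; the host name `digest.example`, the sample lines and the user-agent heuristic for spotting spiders are all constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format (assumed here):
#   ip ident user [time] "request" status bytes "referrer" "user-agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<page>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r' "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Heuristic only: a client can send any user-agent string it likes.
SPIDER_RE = re.compile(r'bot|crawler|spider', re.I)

# Constructed sample lines (documentation IP ranges, example domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jun/1997:09:14:02 -0700] "GET /digest/index.html HTTP/1.0" 200 5120 "http://search.example/find?q=netscape+bug" "Mozilla/3.01 (Win95; I)"',
    '198.51.100.7 - - [12/Jun/1997:09:15:40 -0700] "GET /digest/bounty.html HTTP/1.0" 200 8841 "http://digest.example/digest/index.html" "Mozilla/3.01 (Macintosh; I; PPC)"',
    '203.0.113.5 - - [12/Jun/1997:09:20:11 -0700] "GET /digest/index.html HTTP/1.0" 200 5120 "-" "ExampleSpider/1.0"',
    '192.0.2.44 - - [12/Jun/1997:10:02:37 -0700] "GET /digest/bounty.html HTTP/1.0" 200 8841 "http://SEARCH.example/find?q=bugs+bounty" "Mozilla/2.02 (X11; I; SunOS)"',
    '192.0.2.99 - - [12/Jun/1997:10:05',  # truncated line, must not crash the parser
]

def parse_line(line):
    """Return the logged fields as a dict, or None if the line is malformed."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def summarize(lines, own_host):
    """Tally external referrer hosts and the pages fetched by spiders."""
    external, spider_pages, skipped = Counter(), Counter(), 0
    for line in lines:
        hit = parse_line(line)
        if hit is None:
            skipped += 1
            continue
        if SPIDER_RE.search(hit["agent"]):
            spider_pages[hit["page"]] += 1
            continue
        try:  # the referrer is supplied by the client, so treat it as untrusted
            host = urlsplit(hit["referrer"]).hostname or ""
        except ValueError:
            host = ""
        if host and host != own_host.lower():
            external[host] += 1
    return {"external": external, "spider_pages": spider_pages, "skipped": skipped}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "digest.example"))
```
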
Some highlights and tidbits from this year’s referrer log:
Web spiders continue to be infrequent visitors to our site, but I remain
underwhelmed about their usefulness. Being touted as web crawlers
implies they’ll somehow be able to traverse a site. Automated visits
to the Digest result in a partial indexing of our welcome page… and that’s
about it.