Colloquium Speaker

Dr. Jim Roskind
Attacks Against the Netscape Communicator
Date: Thursday, November 13, 2003
Time: 11:00AM
Place: Gould-Simpson, Room 701
Refreshments will be served in the 7th floor lobby of Gould-Simpson at 10:45AM


The Netscape Communicator client was deployed on millions of desktops. It was also subject to attacks that attempted to gain unauthorized access to data on the client's computers, if not complete control of the computer. This talk discusses a broad range of examples of attacks that have been proposed against the Communicator application along with ways that the application evolved to block them.

Although the talk discusses numerous actual attacks across the history of Netscape, it also works to abstract elements of attacks, and show how they assemble to form exploits. The talk begins with a discussion of covert channels, and explains why such channels are a relatively unstoppable element of a browser. The first browser attack listed centers on DNS False Advertising (not, DNS compromise!), and discusses the potential subversion of a firewall. This also nicely demonstrates the security confusion that results from composition of large systems. The second flaw involves the Java class verifier and its vulnerability to multithread attacks. This not only demonstrates the real-world difficulty of writing good thread safe code, it also shows a surprising appearance of multi-threaded code without any intentional coding by the reporters (who stumbled upon this bug... but never realized the security ramifications). The next attack provides an elegant example of how the introduction of JavaScript Language feature induced changes of assumptions and created a rather large bug in what was previously safe, secure, and correct code. The next flaw discussed involves the java symbol table, and demonstrates that buffer overruns, though common and popular today, are actually only a hint of the wider range of overrun errors that are possible. The next problem addressed involves the FILE: URL, and explains how it was used to attack privacy, and may still be used to construct novel cross-application exploits. The last issue generalizes vulnerabilities due to insufficient HTML escaping. Such user-supplied-content escaping issues are generally only seen in server applications, but the discussion demonstrates how common vulnerability merges with several of the previous issues to create a variety of new attack vectors.

During 8 years at Netscape/AOL/TW, Dr. Jim Roskind had titles including VP/CTO of System Infrastructure for America Online, VP/Chief Scientist Netscape, Netscape/Netcenter Security Architect, and Netscape's Java Security Architect. Jim's time as the Java Security Architect in Netscape's Client Product Division, placed him in the near the epicenter of almost all security related problems that appeared in the browser. In addition to tasks involved with technically reconciling issues, he was also a common liaison with contributors that reported security issues (both real and imagined). His notable technical accomplishments at Netscape included the architecture and deployment of signed Java.

Before joining Netscape in 1995, Jim was a co-founder of Infoseek Corporation, and later Chief Scientist. Dr. Roskind holds an SB Electrical Engineering, SB Computer Science, SM EECS (1980), and PhD EECS (1983), all from Massachusetts Institute of Technology. His current research and development focus is on his daughter Brianna, now age 3, and son Dylan, soon to be 1, all studied in collaboration with his wife Melinda.