W3C home > Mailing lists > Public > www-font@w3.org > October to December 1997

Re: IE4 font security flaw

From: David Holzgang <cheshire@sonic.net>
Date: Thu, 23 Oct 1997 17:39:57 -0700
Message-Id: <199710240459.VAA13332@sub.sonic.net>
To: "Clive Bruton" <clive@typonaut.demon.co.uk>, <www-font@w3.org>

Seems like a reasonable option, given that MS says it won't do anything
about the problem. I assume (from that comment) that Daniel first notified
MS about this. Presumably, if they were going to fix it, he wouldn't have
posted this. Now that the whole world (so to speak) is working on cracking
this, MS may have some incentive to get off their *#$)&&% and *fix* it.

If you have a better option, I'd be interested in hearing what it was.

David Holzgang

From: Clive Bruton <clive@typonaut.demon.co.uk>
To: www-font@w3.org
Subject: Re: IE4 font security flaw
Date: Thursday, October 23, 1997 3:40 PM

Daniel Will-Harris wrote at 23/10/97 10:13 pm

>The browser’s new
>OpenType font embedding feature...

I believe, though I could be wrong, that IE4 is not OpenType savvy, all it
is doing is accessing embedded TrueType (with the aid of WEFT), as many
other apps can do.

I'm not saying this is a good thing, just that OpenType isn't the problem
(in this case at this time).

>No one other than myself has yet uncovered the simple steps
>to do so and I will not reveal the steps here, because I don’t want people
>pirating fonts.

But I'll just broadcast the fact that it's so simple and see if I can tempt
a few thousand people into trying?

-- Clive

Received on Friday, 24 October 1997 01:00:03 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:01:38 UTC