Re: New Java Security Flaw Found

From: Greg Alexander (galexandat_private)
Date: Sat Jul 18 1998 - 14:49:25 PDT

    Is it appropriate to call a Java implementation-related security hole a Java
    hole?  That'd be like calling a bug in Pine a bug in Internet e-mail.
    
    On Fri, 17 Jul 1998, Gary McGraw wrote:
    
    > Hello all,
    >
    > Princeton's Safe Internet Programming Team recently announced the
    > discovery of a serious Java security hole that can be leveraged into
    > an attack applet.  Their description follows:
    > ------------------------------------------------------------------------
    > We have found another Java security flaw that allows a malicious applet
    > to disable all security controls in Netscape Navigator 4.0x.  After
    > disabling the security controls, the applet can do whatever it likes on
    > the victim's machine, including arbitrarily reading, modifying, or
    > deleting files.  We have implemented a demonstration applet that deletes
    > a file.
    <clip>
    
    Greg Alexander - also <galexandat_private> - http://sietch.home.ml.org/
    ----
    Any sufficiently advanced bug is indistinguishable from a feature.
                    -- Rich Kulawiec
    Any sufficiently advanced feature is indistinguishable from a bug.
                    -- Greg's corollary
    