Is it appropriate to call a java implementation-related security hole a java hole? That'd be like calling a bug in pine a bug in internet e-mail. On Fri, 17 Jul 1998, Gary McGraw wrote: > Hello all, > > Princeton's Safe Internet Programming Team recently announced the > discovery of a serious Java security hole that can be leveraged into > an attack applet. Their description follows: > ------------------------------------------------------------------------ > We have found another Java security flaw that allows a malicious applet > to disable all security controls in Netscape Navigator 4.0x. After > disabling the security controls, the applet can do whatever it likes on > the victim's machine, including arbitrarily reading, modifying, or > deleting files. We have implemented a demonstration applet that deletes > a file. <clip> Greg Alexander - also <galexandat_private> - http://sietch.home.ml.org/ ---- Any sufficiently advanced bug is indistinguishable from a feature. -- Rich Kulawiec Any sufficiently advanced feature is indistinguishable from a bug. -- Greg's corollary
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:05 PDT