Patrick Oonk wrote: > With the Bell Labs and NRL systems I found a different > failure. With a simple JavaScript expression I was > able to query the IP address and host name of the > browser computer. The query was done by calling the > Java InetAddress class using the LiveConnect feature > of Netscape Navigator. Once JavaScript has this > information, it can easily be transmitted it back to a > Web server as part of a URL. This is not news. We (Major Malfunction and I) pointed this hole out years ago (in Jan '97 to be precise; seems even longer): http://www.alcrypto.com/java/ to quote the page: "Even the mighty anonymizer retires after the first round, nose bleeding and ego bruised." Well, you know, these guys with weird names like the flowery prose :-) Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:37 PDT