[fw-wiz] article on java in infosecurity mag

From: R. DuFresne (dufresneat_private)
Date: Wed Jun 27 2001 - 14:03:21 PDT


    Howdy,
    
    Have others here seen and read the recent article in information security
    magazine;
    
    http://www.infosecuritymag.com/articles/june01/columns_curmudgoens_corner.shtml
    
    The gist of the article boils down to these statements:
    
    Hostile Java applets are a perfect example of an over-hyped security
    threat that has no basis in reality. For years, we've been warned
    about crackers and unethical Web-site operators surreptitiously placing evil
    Java code on Web servers. The hostile applets would secretly steal or sabotage 
    data on the PC of any visiting user. But after six years of warnings, such 
    exploits have never materialized.
    
    Hostile applet attacks remain theoretical for two reasons. First, what few Java
    vulnerabilities have appeared have been fiendishly hard to exploit. And second, 
    such an attack would provide little benefit to attackers--e-mail is a much more 
    efficient mechanism for spreading hostile code. To put the situation into 
    perspective, more computer damage is caused by fire and weather than
    by Web-based hostile Java applets. Even insects cause more damage than Java,
    so why aren't those bugs front-page news, too?
    
    The FUD surrounding Java is a lesson in the perils of believing everything 
    you hear.  To understand why this non-threat has assumed such epic proportions,
    you have to go back to 1995.
    </quote>
    
    Are folks in the industry changing their stances on the security
    implications of Java these days?
    
    Thanks,
    
    
    Ron DuFresne
    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior consultant:  darkstar.sysinfo.com
                      http://darkstar.sysinfo.com
    
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    
    testing, only testing, and damn good at it too!
    
    
    
    
    


