[48663] in Cypherpunks
Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
daemon@ATHENA.MIT.EDU (Mike Fletcher)
Tue Jan 30 10:09:52 1996
To: cypherpunks@toad.com (Cypherpunks Mailing List)
From: Mike Fletcher <fletch@ain.bls.com>
In-Reply-To: Your message of "Mon, 29 Jan 1996 23:12:06 EST."
<199601300412.XAA23037@opine.cs.umass.edu>
Date: Tue, 30 Jan 1996 10:04:31 -0500
> Much more likely, IMHO, than a Java sniffer is a Java Trojan horse that pops
> up an innocuous dialog box and asks you to enter some sensitive piece of
> information, then sends it off somewhere. About all it takes to write that is
> a modicum of skill in user interface design. You could write it in any
> programming language, but in Java it may be particularly effective, since
> people may come to expect to be prompted for sensitive info over the net by
> Java apps. Maybe the Java folks who just left Sun decided to seize the
> opportunity ;>
But both Sun's and Netscape's implementations make Frame (new
toplevel) windows have "Untrusted Applet Window" sprawled across the
bottom of them.
On a (kinda) related note someone from Sun posted to c.l.java
that they're going to be releasing a signing mechanism for applets
soon. You'll be able to verify that the code comes from where it
says it does so at least when it steals your CC# you'll know whom to
go hunt down.
---
Fletch __`'/|
fletch@ain.bls.com "Lisa, in this house we obey the \ o.O' ______
404 713-0414(w) Laws of Thermodynamics!" H. Simpson =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43 U ------
