[1528] in WWW Security List Archive
Re: JavaScript to grab email (fwd)
daemon@ATHENA.MIT.EDU (George Spafford)
Fri Feb 23 12:56:59 1996
Date: Fri, 23 Feb 1996 09:30:54 -0500
To: Dan Stromberg <strombrg@test34a.acs.uci.edu>
From: George Spafford <gspaff@execpc.com>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
The design does, yes, but I am hearing that they have found a bug with the
Netscape implementation of JavaScript that could allow a host to be
exploited. I'm basing my comment on hearsay at this point.
--G--
At 04:03 PM 2/22/96 -0800, you wrote:
>Excuse me?
>
>Doesn't the java design preclude this (granted, there may be kinks in
>the implementation - but not long, if people mention them).
>
>George Spafford wrote:
>>
>> >From: Jyri Kaljundi <jk@digit.ee>
>> >To: cypherpunks@toad.com
>> >Subject: JavaScript to grab email
>> >Date: Tue, 20 Feb 1996 16:33:21 +0200 (EET)
>> >
>> >Another annoying feature in JavaScript and Netscape. Have a look at
>> ><http://www.popco.com/grabtest.html>
>>
>> Well, if you want to take an Orwellian perspective, a person could write a
>> script in Java to access all kinds of information on the local drive(s),
>> even take it a step further and gather information from all attached drives
>> the host has rights to. People got upset about Prodigy and their antics a
>> couple of years back - I'm not sure how they will react to scripts that
>> gather information from the local computer covertly.
>>
>> --G--
>> George Spafford
>> Interlink Publishing
>> 1301 Harrison Avenue
>> Saint Joseph, MI 49085
>> USA
>>
>> E-mail: gspaff@execpc.com
>> il@execpc.com
>> WWW: http://www.execpc.com/~il
>>
>> Down the pipe, through the filters, off the censor . . . there was nothing
>> left but noise.
>
>
George Spafford
Interlink Publishing
1301 Harrison Avenue
Saint Joseph, MI 49085
USA
E-mail: gspaff@execpc.com
il@execpc.com
WWW: http://www.execpc.com/~il
Down the pipe, through the filters, off the censor . . . there was nothing
left but noise.
