[1535] in WWW Security List Archive
Re: JavaScript to grab email (fwd)
daemon@ATHENA.MIT.EDU (Lincoln Stein)
Sun Feb 25 09:30:32 1996
Date: Sun, 25 Feb 1996 11:53:14 +0100
From: Lincoln Stein <lstein@kaa.crbm.cnrs-mop.fr>
To: George Spafford <gspaff@execpc.com>
Cc: Dan Stromberg <strombrg@test34a.acs.uci.edu>, www-security@ns2.rutgers.edu
In-Reply-To: <2.2.32.19960223143054.0032b7d0@execpc.com>
Errors-To: owner-www-security@ns2.rutgers.edu

Hello all,

I've just summarized all I know about the security problems with Java
in the WWW Security FAQ, available at:

http://www.genome.wi.mit.edu/WWW/faqs/www-security-faq.html

I'm certainly no Java expert, so corrections and additions are quite
welcome.

Lincoln

George Spafford writes:
> The design does, yes, but I am hearing that they have found a bug with the
> Netscape implementation of JavaScript that could allow a host to be
> exploited. I'm basing my comment on hearsay at this point.
>
> --G--
>
> At 04:03 PM 2/22/96 -0800, you wrote:
> >Excuse me?
> >
> >Doesn't the Java design preclude this (granted, there may be kinks in
> >the implementation - but not long, if people mention them)?
> >
> >George Spafford wrote:
> >>
> >> >From: Jyri Kaljundi <jk@digit.ee>
> >> >To: cypherpunks@toad.com
> >> >Subject: JavaScript to grab email
> >> >Date: Tue, 20 Feb 1996 16:33:21 +0200 (EET)
> >> >
> >> >Another annoying feature in JavaScript and Netscape. Have a look at
> >> ><http://www.popco.com/grabtest.html>
> >>
> >> Well, if you want to take an Orwellian perspective, a person could write a
> >> script in Java to access all kinds of information on the local drive(s),
> >> even take it a step further and gather information from all attached drives
> >> the host has rights to. People got upset about Prodigy and their antics a
> >> couple of years back - I'm not sure how they will react to scripts that
> >> gather information from the local computer covertly.
> >>
> >> --G--
> >> George Spafford
> >> Interlink Publishing
> >> 1301 Harrison Avenue
> >> Saint Joseph, MI 49085
> >> USA
> >>
> >> E-mail: gspaff@execpc.com
> >> il@execpc.com
> >> WWW: http://www.execpc.com/~il
> >>
> >> Down the pipe, through the filters, off the censor . . . there was nothing
> >> left but noise.
> >
> >
> George Spafford
> Interlink Publishing
> 1301 Harrison Avenue
> Saint Joseph, MI 49085
> USA
>
> E-mail: gspaff@execpc.com
> il@execpc.com
> WWW: http://www.execpc.com/~il
>
> Down the pipe, through the filters, off the censor . . . there was nothing
> left but noise.