[2020] in WWW Security List Archive
Java Hole: Web Graffiti & Covert Channels
daemon@ATHENA.MIT.EDU (Chad Owen Yoshikawa)
Thu May 9 00:34:17 1996
From: Chad Owen Yoshikawa <chad@CS.Berkeley.EDU>
To: cypherpunks@toad.com, www-security@ns2.rutgers.edu
Date: Wed, 8 May 1996 19:10:00 -0700 (PDT)
Cc: chad@CS.Berkeley.EDU, bnc@CS.Berkeley.EDU
Errors-To: owner-www-security@ns2.rutgers.edu
--------------------------------------------------------
Web Graffiti & High Bandwidth Covert Channels Using Java
--------------------------------------------------------
While developing a chat server using Java as a frontend, we've
been exploiting what we think is a new Java security hole in
Java-enabled browsers such as Netscape. The hole allows for
opening sockets to arbitrary ports on web servers that serve
Trojan-horse applets.
We've also used a known security hole (covert channels) first mentioned
in work by the SIP group at Princeton to create what we call
'Web Graffiti' - the dynamic insertion of text, graphics, and applets into
HTML pages.
Both of these attacks are three-party attacks and require
Trojan-horse applets. For a draft of a paper that is work in progress,
point your browser to:
http://whenever.CS.Berkeley.EDU/graffiti/
Chad Yoshikawa          Brent Chun
chad@cs.berkeley.edu    bnc@cs.berkeley.edu