[2072] in WWW Security List Archive

Re: Java Hole: Web Graffiti & Covert Channels

daemon@ATHENA.MIT.EDU (Chytracek Radovan)
Mon May 13 07:44:54 1996

Date: Mon, 13 May 1996 11:30:11 +0200 (MET DST)
From: Chytracek Radovan <chytrace@saske.sk>
To: "Donald T. Davis" <don@cam.ov.com>
cc: Jacob Rose <jacob@hummingbird.whiteshell.com>,
        www-security@ns2.rutgers.edu
In-Reply-To: <199605101608.MAA01266@gza-client1.cam.ov.com>
Errors-To: owner-www-security@ns2.rutgers.edu

On Fri, 10 May 1996, Donald T. Davis wrote:

> >> the idea [is] that a user hitting any site on the web after activating
> >> the trojan horse applet, will see whatever it is the trojan horse wants
> >> them to see by REDIRECTING the URL locations to the hacker server ...
> 
> jacob rose replied: 
> > Goodness, everyone.  This is not a bug in Java!  You can do this with a
> > CGI script!  ...  So, really, this problem has nothing to do with Java,
> > it's simply a consequence of hypertext.
> 
> the point of the complaint, is that java is supposed to be more
> secure than CGI; that's one of java's main design goals, and one
> which java has consistently failed to meet.
> 					    -don davis, boston
> 
I'd say that Java is safe but the programs written in Java are not safe!


#=============================================================#
# Radovan Chytracek     Slovak Academy of Sciences            #
#                       Watsonova 47,Kosice,04001,            #
#                       Slovak Republic                       #
# phone: +42 95 633 2741-2 , ext. 156  fax : +42 95 633 6292  #
#===================#=========================================#
# Linux iii  is the #            chytrace@saske.sk            #
# best (0 0) choice #      http://www.saske.sk/~chytrace      #
#===ooO==U==Ooo=====#=========================================#

