[4588] in WWW Security List Archive
[ANNOUNCE] MSIE/Netscape Java hacks
daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Feb 25 19:13:33 1997
To: www-security@ns2.rutgers.edu
Date: Tue, 25 Feb 1997 18:32:10 +0000 (GMT)
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Cc: <ben@gonzo.ben.algroup.co.uk>
Reply-To: ben@algroup.co.uk
Errors-To: owner-www-security@ns2.rutgers.edu
A.L. Digital Announce Java Hacks
--------------------------------
25th Feb 1997
A.L. Digital, in association with Ben Laurie and Major Malfunction, have found
and exploited a loophole in Microsoft Internet Explorer V3.01.
In brief, this loophole allows an attacker to connect to any TCP/IP port on
the client's machine.
A less serious hole has also been found in Netscape Navigator V3.0. This
permits an attacker to discover the client's hostname and IP address despite
firewalls or even anonymizers.
A.L. Digital notified Microsoft and Netscape of these problems as soon as they
were discovered, in January, and delayed public release to allow them to work
around the problems.
A.L. Digital is a high-tech consultancy, specialising in Internet and security
matters.
Full details can be found at http://www.alcrypto.co.uk/java
--
Ben Laurie Phone: +44 (181) 994 6435 Email: ben@algroup.co.uk
Freelance Consultant and Fax: +44 (181) 994 6472
Technical Director URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd, Apache Group member (http://www.apache.org)
London, England. Apache-SSL author
