[857] in WWW Security List Archive
Re: Java and trojans: any last words before Netscape 2.0 is out?
daemon@ATHENA.MIT.EDU (Adam Jack)
Tue Sep 19 23:22:33 1995
Date: Tue, 19 Sep 1995 20:03:08 -0400 (EDT)
From: Adam Jack <ajack@corp.micrognosis.com>
To: Prentiss Riddle <riddle@is.rice.edu>
Cc: comp-security-misc@news.cs.utexas.edu, alt-security@news.cs.utexas.edu,
hotjava-interest@java.sun.com, www-security@ns2.rutgers.edu
In-Reply-To: <199509191723.MAA08151@is.rice.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
On Tue, 19 Sep 1995, Prentiss Riddle wrote:
> Netscape Communications Corp. has announced the impending release of a
> beta version of Netscape 2.0 to include Java support.
>
> Is there anything to add to this assessment? Are we walking knowingly
> into a significant decrease in the security of the average Internet
> site? Should security-minded sysadmins ban Java and Netscape 2.0 from
> their systems?
>
If people have more to lose than gain and are worried about this
release - then let them set their firewall HTTP proxy to block all
requests to URLs of the form http://..../*.class.

Note - I don't know whether Netscape introduced a new extension for
their Java-like scripts - but if they did it might be worth
considering restricting responses with a MIME content of
"application/octet-stream".

Hopefully - they can then work out their own policies in their own
good time.
> [Note the wide crossposting. I would like to see an open discussion
> between the Java and security communities on this issue. If
> you agree that's a good idea, please direct followups via mail to:
I think it might be a tad late for a last-ditch discussion on
the topic. I can't see Netscape/Lawyers/Sun changing their minds :-)
Adam
--
+1-203-730-5437 | http://www.micrognosis.com/~ajack/index.html
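
The two proxy rules suggested in the message above, sketched as an added example that is not part of the original post: a request rule for paths ending in .class and a response rule for the "application/octet-stream" media type, both applied after normalization. The function names, the decision strings and the example.test URLs are assumptions made for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit, unquote

BLOCKED_SUFFIX = ".class"                  # from the post: http://..../*.class
BLOCKED_MIME = "application/octet-stream"  # from the post

def request_blocked(url: str) -> bool:
    """True if the URL path (not the query string) names a .class file."""
    path = unquote(urlsplit(url).path)     # drop ?query/#fragment, decode %2E
    # Look only at the last path segment and ignore ";param" suffixes.
    segment = path.rsplit("/", 1)[-1].split(";", 1)[0]
    return segment.lower().endswith(BLOCKED_SUFFIX)

def response_blocked(content_type: Optional[str]) -> bool:
    """True if the Content-Type header is application/octet-stream."""
    if not content_type:
        return False                       # no header: this rule cannot match
    # Strip parameters such as "; name=..." and compare case-insensitively.
    media_type = content_type.split(";", 1)[0].strip().lower()
    return media_type == BLOCKED_MIME

def decide(url: str, content_type: Optional[str] = None) -> str:
    """Hypothetical proxy hook: request rule first, then response rule."""
    if request_blocked(url):
        return "deny-request"
    if response_blocked(content_type):
        return "deny-response"
    return "allow"

if __name__ == "__main__":
    # Constructed sample traffic, not taken from any real log.
    samples = [
        ("http://example.test/applets/Clock.class", None),
        ("http://example.test/applets/Clock.CLASS?v=2", None),
        ("http://example.test/applets/Clock%2Eclass", None),
        ("http://example.test/search?file=Clock.class", "text/html"),
        ("http://example.test/download", "Application/Octet-Stream; name=x"),
    ]
    for url, ctype in samples:
        print(decide(url, ctype), url, ctype)
```

A literal `*.class` glob applied to the raw request line would miss the second and third sample URLs; the response rule also matches every other download served as "application/octet-stream".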