[858] in WWW Security List Archive
Re: Java and trojans: any last words before Netscape 2.0 is out?
daemon@ATHENA.MIT.EDU (Marc VanHeyningen)
Wed Sep 20 00:51:59 1995
From: marcvh@spry.com (Marc VanHeyningen)
To: riddle@is.rice.edu (Prentiss Riddle)
cc: www-security@ns2.rutgers.edu
In-reply-to: Your message of "Tue, 19 Sep 1995 12:23:54 CDT."
<199509191723.MAA08151@is.rice.edu>
Date: Tue, 19 Sep 1995 18:09:36 -0700
Errors-To: owner-www-security@ns2.rutgers.edu
Thus wrote:
>Netscape Communications Corp. has announced the impending release of a
>beta version of Netscape 2.0 to include Java support.
>When last we discussed Java security on these lists (see e.g.
>http://java.sun.com/archives/hotjava-interest/0745.html), the consensus
>seemed to be that the design of Java precluded viruses and the most
>heinous forms of security violations, but not an entire class of trojan
>horses which might carry out denial of service attacks, data leakage,
>misuse of the network while assuming the victim's identity, etc.
>Is there anything to add to this assessment? Are we walking knowingly
>into a significant decrease in the security of the average Internet
>site? Should security-minded sysadmins ban Java and Netscape 2.0 from
>their systems?
It seems reasonable to assume Netscape will produce a product with
security comperable in quality to that of their previous products.
