[859] in WWW Security List Archive
Re: Java and trojans: any last words before Netscape 2.0 is out?
daemon@ATHENA.MIT.EDU (Clever Staff)
Wed Sep 20 01:20:08 1995
Date: Tue, 19 Sep 1995 22:15:51 -0400
From: Clever Staff <root@clever.net>
To: Marc VanHeyningen <marcvh@spry.com>
cc: Prentiss Riddle <riddle@is.rice.edu>, www-security@ns2.rutgers.edu
In-Reply-To: <27428.811559376@pellet.spry.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Pretty good. "A kid with a super computer cracked SSL" Does that mean the
same kid can send a trojan too ? The idea is its either mostly secure or
not. I'ld rather not risk my systme to mostly secure. Java/ssl etc .
Silly me.
On Tue, 19 Sep 1995, Marc VanHeyningen wrote:
> Thus wrote:
> >Netscape Communications Corp. has announced the impending release of a
> >beta version of Netscape 2.0 to include Java support.
> >When last we discussed Java security on these lists (see e.g.
> >http://java.sun.com/archives/hotjava-interest/0745.html), the consensus
> >seemed to be that the design of Java precluded viruses and the most
> >heinous forms of security violations, but not an entire class of trojan
> >horses which might carry out denial of service attacks, data leakage,
> >misuse of the network while assuming the victim's identity, etc.
>
> >Is there anything to add to this assessment? Are we walking knowingly
> >into a significant decrease in the security of the average Internet
> >site? Should security-minded sysadmins ban Java and Netscape 2.0 from
> >their systems?
>
> It seems reasonable to assume Netscape will produce a product with
> security comperable in quality to that of their previous products.
>
