[3331] in java-interest


Re: PRINCETON STUDENTS FIND HOLE IN INTERNET SECURITY SOFTWARE

daemon@ATHENA.MIT.EDU (Arthur van Hoff)
Tue Nov 7 21:59:01 1995

Date: Tue, 7 Nov 1995 16:16:04 -0800
From: Arthur.Vanhoff@Eng.Sun.COM (Arthur van Hoff)
To: will@meister.com
Cc: java-interest@java.Eng.Sun.COM


Hi Will,

> >(((Two students found that))) viruses and other malicious programs (((are)))
> >possible within the alpha HotJava web browser. The
> >holes they found make it possible for a malicious applet to set things up so
> >as to be able to monitor or modify all of a given web-surfer's
> >activity. By doing so the applet may make it possible to violate user's
> >privacy by revealing to a third party their web traffic.
> >The holes they found exist only in the alpha release of HotJava. The
> >beta release, which is the version found in the widely-used Netscape
> >Navigator 2.0b1J is not vulnerable to these attacks.
> 
> Guys, I'm sure everyone read this post carefully. I was unimpressed-I would
> never have dreamed that Java could run without offering such loopholes, and
> was most surprised to find that the beta version has cured the alpha
> version's (alleged) deficiencies. However, I would still appreciate some
> kind of statement from Sun on the subject. Sorry to pull you away from the
> development process-but I know I'd feel happier if I was sure you had this
> one nailed down, and I suspect that a few other people might feel the same.

Let me know what the holes are and I'll tell you what we've done about
it. As far as I know we are not aware of major security holes in
the alpha3 release, but we'd like to find out because we want to make
sure that they have been fixed in the beta release. In my personal opinion,
this press release is mostly hype. Due to the pull rather than push model
of the WWW it is hard, if not impossible, to write a real virus. Please 
send us more info. We need all the help we can get to resolve any security
issues that may occur.

Have fun,

	Arthur van Hoff
-
This message was sent to the java-interest mailing list
Info: send 'help' to java-interest-request@java.sun.com
