1995-10-17 - java flaw

Header Data

From: an407769@anon.penet.fi (jerry the golden retriever)
To: cypherpunks@toad.com
Message Hash: 07c7e429f07573c520cfe0072f40362e9ce726c9a10ffe520032de3108c7af9f
Message ID: <9510170659.AA29634@anon.penet.fi>
Reply To: N/A
UTC Datetime: 1995-10-17 07:19:40 UTC
Raw Date: Tue, 17 Oct 95 00:19:40 PDT

Raw message

From: an407769@anon.penet.fi (jerry the golden retriever)
Date: Tue, 17 Oct 95 00:19:40 PDT
To: cypherpunks@toad.com
Subject: java flaw
Message-ID: <9510170659.AA29634@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


Sun and Netscape fix Java-Navigator flaw

From PC Week for October 16, 1995 by Michael Moeller

Netscape Communications Corp. has identified a flaw in Sun Microsystems
Inc.'s Java development language that caused a security hole in
Netscape's Navigator 2.0 Internet browser.

The flaw left open the possibility for corrupted files or viruses to be
downloaded over the Internet to a host PC.

Netscape officials, in Mountain View, Calif., said the problem occurred
when porting Java to the Netscape platform.

Sun, also based in Mountain View, issued a fix that performs a tighter
security scan of Java applets, or portions of code. Sun officials said
no users were affected by the security flaw.

The company is beta testing Java now, and the final version is scheduled
to be released next month.

Ironically, Java was designed as a secure development language to
prevent users from contracting a virus when downloading an application
over the Internet.

With Java, World-Wide Web application developers can create applets that
are turned into full-scale application code once downloaded by a Java-
enabled browser.

A security feature in Java scans for viruses before activating the
applet.

Java applications are designed to be run within the secure environment
of a Java-enabled browser.

When Java was ported to Netscape, one of the security features "fell
through the cracks," said Arthur van Hoff, senior staff engineer at Sun
and a principal architect of Java.

As a result, a user could have downloaded a corrupt applet that could
have continued to function outside the secure environment of the browser
shell and infected other programs on a user's computer.

Netscape has since released two new versions of its Navigator 2.0
browser for beta testing, one with Java support and one without.

However, Netscape officials said that once the browser is released in
mid-December, all versions of Navigator 2.0 will be Java-enabled.

--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi





Thread