1996-01-30 - Fooling people with Java applets

Header Data

From: br@scndprsn.Eng.Sun.COM (Benjamin Renaud)
To: llurch@networking.stanford.edu
Message Hash: 0c6dbddddd5af40988c81e359516e027c0d0739f8caa1ee0dc9034a3ac9d253d
Message ID: <199601300736.XAA11243@springbank.Eng.Sun.COM>
Reply To: N/A
UTC Datetime: 1996-01-30 08:22:04 UTC
Raw Date: Tue, 30 Jan 1996 16:22:04 +0800

Raw message

From: br@scndprsn.Eng.Sun.COM (Benjamin Renaud)
Date: Tue, 30 Jan 1996 16:22:04 +0800
To: llurch@networking.stanford.edu
Subject: Fooling people with Java applets
Message-ID: <199601300736.XAA11243@springbank.Eng.Sun.COM>
MIME-Version: 1.0
Content-Type: text/plain


|Hmm. Actually, what do Java dialog prompts look like? Is there any
|indication that they come from Java, or can they be made to look like any
|dialog from any program, or the OS itself? I suppose this is
|implementation-dependent. 
|
|One "neat" trick would be an applet that sleeps for several minutes and 
|then suddenly pops up asking for your system password, or something. 
|A heck of a lot of people fell for something much more primitive at AOL.

All graphical UI elements spawed by an applet, which are the only ones
that can get user events, are clearly marked as "untrusted applet
window"s.

So unless you type your password in a pop-up marked "untrusted applet
window", you should be fine. And if you do, you arguably deserve
whatever happens to you....

-- Benjamin Renaud
   Java Products Group





Thread