From: an407769@anon.penet.fi (jerry the golden retriever)
To: cypherpunks@toad.com
Message Hash: 07c7e429f07573c520cfe0072f40362e9ce726c9a10ffe520032de3108c7af9f
Message ID: <9510170659.AA29634@anon.penet.fi>
Reply To: N/A
UTC Datetime: 1995-10-17 07:19:40 UTC
Raw Date: Tue, 17 Oct 95 00:19:40 PDT
From: an407769@anon.penet.fi (jerry the golden retriever)
Date: Tue, 17 Oct 95 00:19:40 PDT
To: cypherpunks@toad.com
Subject: java flaw
Message-ID: <9510170659.AA29634@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain
Sun and Netscape fix Java-Navigator flaw
From PC Week for October 16, 1995 by Michael Moeller
Netscape Communications Corp. has identified a flaw in Sun Microsystems
Inc.'s Java development language that caused a security hole in
Netscape's Navigator 2.0 Internet browser.
The flaw left open the possibility for corrupted files or viruses to be
downloaded over the Internet to a host PC.
Netscape officials, in Mountain View, Calif., said the problem occurred
when porting Java to the Netscape platform.
Sun, also based in Mountain View, issued a fix that performs a tighter
security scan of Java applets, or portions of code. Sun officials said
no users were affected by the security flaw.
The company is beta testing Java now, and the final version is scheduled
to be released next month.
Ironically, Java was designed as a secure development language to
prevent users from contracting a virus when downloading an application
over the Internet.
With Java, World-Wide Web application developers can create applets that
are turned into full-scale application code once downloaded by a Java-
enabled browser.
A security feature in Java scans for viruses before activating the
applet.
Java applications are designed to be run within the secure environment
of a Java-enabled browser.
When Java was ported to Netscape, one of the security features "fell
through the cracks," said Arthur van Hoff, senior staff engineer at Sun
and a principal architect of Java.
As a result, a user could have downloaded a corrupt applet that could
have continued to function outside the secure environment of the browser
shell and infected other programs on a user's computer.
Netscape has since released two new versions of its Navigator 2.0
browser for beta testing, one with Java support and one without.
However, Netscape officials said that once the browser is released in
mid-December, all versions of Navigator 2.0 will be Java-enabled.
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to abuse@anon.penet.fi
For information (incl. non-anon reply) write to help@anon.penet.fi
If you have any problems, address them to admin@anon.penet.fi
Return to October 1995
Return to “an407769@anon.penet.fi (jerry the golden retriever)”
1995-10-17 (Tue, 17 Oct 95 00:19:40 PDT) - java flaw - an407769@anon.penet.fi (jerry the golden retriever)