From: fc@all.net (Dr. Frederick B. Cohen)
To: cypherpunks@toad.com
Message Hash: 1569af0e3e4cc0963eb32e9786eae656a0ce213ff0766c5bded95f87459fe51b
Message ID: <9510101020.AA21924@all.net>
Reply To: <199510100457.AAA00235@jekyll.piermont.com>
UTC Datetime: 1995-10-10 10:22:23 UTC
Raw Date: Tue, 10 Oct 95 03:22:23 PDT
From: fc@all.net (Dr. Frederick B. Cohen)
Date: Tue, 10 Oct 95 03:22:23 PDT
To: cypherpunks@toad.com
Subject: Re: java security concerns
In-Reply-To: <199510100457.AAA00235@jekyll.piermont.com>
Message-ID: <9510101020.AA21924@all.net>
MIME-Version: 1.0
Content-Type: text
Perry writes:
> Ray Cromwell writes:
> > Yes, it may be possible that exploiting holes in Java will be easier
> > than those in sendmail, just as it is easier to exploit a hole in
> > software on a networked machine rather than a non-networked one. But this
> > can not be an argument against Java or its utility. The same arguments
> > were raised when Postscript first came out, yet the huge benefits
> > of postscript are obvious, while the amount of security damage
> > done by it is minimal.
>
> Postscript is completely safe if the interpreter is emasculated, and
> most of them are. (It is a huge risk when run on a non-emasculated
> interpreter, but fortunately it is easy to castrate one of the things.)
I'm not clear on what you mean by emasculated. It seems to me that
postscript interpreters are full of holes that can be exploited by
a cleaver enough attacker.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
Return to October 1995
Return to “sameer <sameer@c2.org>”