From: fc@all.net (Dr. Frederick B. Cohen)
To: hallam@w3.org
Message Hash: 30317a9afbf9eead29ca97f9e5ae4a4b7b65b170c578adf49082e50d9d2da153
Message ID: <9511010226.AA02469@all.net>
Reply To: <9511010212.AA30561@zorch.w3.org>
UTC Datetime: 1995-11-01 03:08:23 UTC
Raw Date: Wed, 1 Nov 1995 11:08:23 +0800
Subject: Re: Please send cash
> > While HotJava prevents applets from actively opening connections that
> > violate the user-selected security policy, it allows an applet to accept
> > connections from anywhere. At this point, an applet only has to use any one
> > of a number of channels to communicate where it is, and have the remote end
> > do the active open.
>
> What if I start a Java applet then send it a faked TCP/IP packet from another
> host? Can I hotwire an outgoing connection that appears to be from the victim
> host?
I think so.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236