1996-01-30 - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)

From: Mike Fletcher <fletch@ain.bls.com>
To: cypherpunks@toad.com
UTC Datetime: 1996-01-30 16:49:47 UTC
Raw Date: Wed, 31 Jan 1996 00:49:47 +0800

From: Mike Fletcher
Date: Wed, 31 Jan 1996 00:49:47 +0800
To: cypherpunks@toad.com
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
> Much more likely, IMHO, than a Java sniffer is a Java Trojan horse that pops 
> up an innocuous dialog box and asks you to enter some sensitive piece of
> information, then sends it off somewhere. About all it takes to write that is
> a modicum of skill in user interface design. You could write it in any 
> programming language, but in Java it may be particularly effective, since 
> people may come to expect to be prompted for sensitive info over the net by 
> Java apps. Maybe the Java folks who just left Sun decided to seize the
> opportunity ;>

	But both Sun's and Netscape's implementations make Frame (new
toplevel) windows have "Untrusted Applet Window" sprawled across the
bottom of them.

	On a (kinda) related note someone from Sun posted to c.l.java
that they're going to be releasing a signing mechanism for applets 
soon.  You'll be able to verify that the code comes from where it
says it does so at least when it steals your CC# you'll know whom to
go hunt down.

