1996-01-31 - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)

Header Data

From: Rich Graves <llurch@networking.stanford.edu>
To: Louis Freeh <cypherpunks@toad.com>
Message Hash: 561ace1dca7ae5b538a4935bc3588aac859d090295bf33b4cfa4712431170556
Message ID: <Pine.ULT.3.91.960129221006.6235h-100000@Networking.Stanford.EDU>
Reply To: <199601300412.XAA23037@opine.cs.umass.edu>
UTC Datetime: 1996-01-31 08:55:46 UTC
Raw Date: Wed, 31 Jan 1996 16:55:46 +0800

Raw message

From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 31 Jan 1996 16:55:46 +0800
To: Louis Freeh <cypherpunks@toad.com>
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
In-Reply-To: <199601300412.XAA23037@opine.cs.umass.edu>
Message-ID: <Pine.ULT.3.91.960129221006.6235h-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Jan 1996, Futplex wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Tim Philp writes:
> > I have been wondering about the possibility of using a JAVA applet to do 
> > keyboard sniffing. As I am not familiar with this language, does anyone 
> > know if this would be possible?
> 
> program. I don't see how you could build a keyboard sniffer in Java unless 
> you could somehow trick the interpreter into feeding an input stream to an
> additional process. 
> 
> Much more likely, IMHO, than a Java sniffer is a Java Trojan horse that pops 
> up an innocuous dialog box and asks you to enter some sensitive piece of
> information, then sends it off somewhere. About all it takes to write that is
> a modicum of skill in user interface design. You could write it in any 
> programming language, but in Java it may be particularly effective, since 
> people may come to expect to be prompted for sensitive info over the net by 
> Java apps.

Hmm. Actually, what do Java dialog prompts look like? Is there any
indication that they come from Java, or can they be made to look like any
dialog from any program, or the OS itself? I suppose this is
implementation-dependent. 

One "neat" trick would be an applet that sleeps for several minutes and 
then suddenly pops up asking for your system password, or something. 
A heck of a lot of people fell for something much more primitive at AOL.

-rich





Thread