1996-01-31 - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)

Header Data

From: Rich Graves <llurch@networking.stanford.edu>
To: Louis Freeh <cypherpunks@toad.com>
Message Hash: 561ace1dca7ae5b538a4935bc3588aac859d090295bf33b4cfa4712431170556
Message ID: <Pine.ULT.3.91.960129221006.6235h-100000@Networking.Stanford.EDU>
Reply To: <199601300412.XAA23037@opine.cs.umass.edu>
UTC Datetime: 1996-01-31 08:55:46 UTC
Raw Date: Wed, 31 Jan 1996 16:55:46 +0800

Raw message

From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 31 Jan 1996 16:55:46 +0800
To: Louis Freeh <cypherpunks@toad.com>
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
In-Reply-To: <199601300412.XAA23037@opine.cs.umass.edu>
Message-ID: <Pine.ULT.3.91.960129221006.6235h-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Jan 1996, Futplex wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Tim Philp writes:
> > I have been wondering about the possibility of using a JAVA applet to do 
> > keyboard sniffing. As I am not familiar with this language, does anyone 
> > know if this would be possible?
> 
> program. I don't see how you could build a keyboard sniffer in Java unless 
> you could somehow trick the interpreter into feeding an input stream to an
> additional process. 
> 
> Much more likely, IMHO, than a Java sniffer is a Java Trojan horse that pops 
> up an innocuous dialog box and asks you to enter some sensitive piece of
> information, then sends it off somewhere. About all it takes to write that is
> a modicum of skill in user interface design. You could write it in any 
> programming language, but in Java it may be particularly effective, since 
> people may come to expect to be prompted for sensitive info over the net by 
> Java apps.

Hmm. Actually, what do Java dialog prompts look like? Is there any
indication that they come from Java, or can they be made to look like any
dialog from any program, or the OS itself? I suppose this is
implementation-dependent. 

One "neat" trick would be an applet that sleeps for several minutes and 
then suddenly pops up asking for your system password, or something. 
A heck of a lot of people fell for something much more primitive at AOL.

-rich

Thread

• Return to January 1996

• Return to February 1996

• Return to “dlv@bwalk.dm.com (Dr. Dimitri Vulis)”
• Return to ““Ed Carp, KHIJOL SysAdmin” <erc@dal1820.computek.net>”
• Return to “futplex@pseudonym.com (Futplex)”
• Return to “Jon Lasser <jlasser@rwd.goucher.edu>”
• Return to “m5@dev.tivoli.com (Mike McNally)”
• Return to “Mike Fletcher <fletch@ain.bls.com>”
• Return to “Nathaniel Borenstein <nsb@nsb.fv.com>”
• Return to “Paul Foley <paul@mycroft.actrix.gen.nz>”
• Return to ““Paul M. Cardon” <pmarc@fnbc.com>”
• Return to “Rich Graves <llurch@networking.stanford.edu>”
• Return to “Rich Salz <rsalz@osf.org>”
• Return to ““Richard Martin” <rmartin@aw.sgi.com>”

• Return to “Tim Philp <bplib@wat.hookup.net>”

• 1996-01-30 (Tue, 30 Jan 1996 17:12:29 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Rich Salz <rsalz@osf.org>
  • 1996-01-30 (Tue, 30 Jan 1996 19:42:59 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Nathaniel Borenstein <nsb@nsb.fv.com>
    • 1996-01-31 (Wed, 31 Jan 1996 12:22:49 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Paul Foley <paul@mycroft.actrix.gen.nz>
      • 1996-02-01 (Thu, 1 Feb 1996 10:16:17 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - dlv@bwalk.dm.com (Dr. Dimitri Vulis)
        • 1996-02-04 (Mon, 5 Feb 1996 02:34:33 +0800) - XMAS Exec - Nathaniel Borenstein <nsb@nsb.fv.com>
          • 1996-02-04 (Mon, 5 Feb 1996 04:23:18 +0800) - Re: XMAS Exec - dlv@bwalk.dm.com (Dr. Dimitri Vulis)
  • 1996-01-30 (Tue, 30 Jan 1996 21:08:44 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - “Paul M. Cardon” <pmarc@fnbc.com>
  • 1996-02-01 (Fri, 2 Feb 1996 02:16:15 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - dlv@bwalk.dm.com (Dr. Dimitri Vulis)
  • 1996-02-01 (Fri, 2 Feb 1996 02:19:42 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Tim Philp <bplib@wat.hookup.net>
    • 1996-01-30 (Tue, 30 Jan 1996 13:45:13 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - “Ed Carp, KHIJOL SysAdmin” <erc@dal1820.computek.net>
      • 1996-02-01 (Fri, 2 Feb 1996 01:59:49 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - futplex@pseudonym.com (Futplex)
        • 1996-01-30 (Tue, 30 Jan 1996 23:03:11 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - m5@dev.tivoli.com (Mike McNally)
          • 1996-01-30 (Wed, 31 Jan 1996 01:48:05 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - Jon Lasser <jlasser@rwd.goucher.edu>
          • 1996-01-30 (Wed, 31 Jan 1996 02:29:00 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - m5@dev.tivoli.com (Mike McNally)
            • 1996-01-31 (Wed, 31 Jan 1996 11:40:37 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - futplex@pseudonym.com (Futplex)
            • 1996-01-31 (Thu, 1 Feb 1996 03:47:19 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - m5@dev.tivoli.com (Mike McNally)
        • 1996-01-30 (Tue, 30 Jan 1996 23:42:02 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - “Richard Martin” <rmartin@aw.sgi.com>
        • 1996-01-30 (Wed, 31 Jan 1996 00:49:47 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - Mike Fletcher <fletch@ain.bls.com>
        • 1996-01-31 (Wed, 31 Jan 1996 16:55:46 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - Rich Graves <llurch@networking.stanford.edu>
    • 1996-01-30 (Tue, 30 Jan 1996 23:10:58 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - m5@dev.tivoli.com (Mike McNally)