1996-01-30 - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)

Header Data

From: m5@dev.tivoli.com (Mike McNally)
To: Jon Lasser <jlasser@rwd.goucher.edu>
Message Hash: 6a9f72eb494e9371ec5b8318a22914fb1d94b68cb64c3729156084fc217af6ec
Message ID: <9601301545.AA07088@alpha>
Reply To: <9601301358.AA14772@alpha>
UTC Datetime: 1996-01-30 18:29:00 UTC
Raw Date: Wed, 31 Jan 1996 02:29:00 +0800

Raw message

From: m5@dev.tivoli.com (Mike McNally)
Date: Wed, 31 Jan 1996 02:29:00 +0800
To: Jon Lasser <jlasser@rwd.goucher.edu>
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
In-Reply-To: <9601301358.AA14772@alpha>
Message-ID: <9601301545.AA07088@alpha>
MIME-Version: 1.0
Content-Type: text/plain

Jon Lasser writes:
 > But the fact that Java windows are obvious doesn't seem to really speak 
 > to the question of can they be faked from *outside* Java.

If you need to worry about something showing up on your machine that's
capable of creating fake input dialogs on your screen, I claim you
have some serious problems.

 > In fact, very distinctive windows for Java are likely to increase the 
 > success of an attack which duplicates the window decorations perfectly, 
 > because people will be used to it.

But if by being used to such windows people understand that they're
not necessarily to be trusted, I don't see why that'd be an attractive
way of slipping in a trojan horse.  I mean, if you want to give
somebody a trojan horse, you don't hang a sign around its neck reading
"I am a trojan horse".

Mike M Nally * Tivoli Systems * Austin TX   * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________