From: “Ed Carp, KHIJOL SysAdmin” <erc@dal1820.computek.net>
To: lyalc@ozemail.com.au (lyal collins)
Message Hash: db14a36e18b7dda33615c73b2d203d629e52043532197cad65f0bae64295f97c
Message ID: <199601300642.BAA04545@dal1820.computek.net>
Reply To: <199601300631.RAA28225@oznet02.ozemail.com.au>
UTC Datetime: 1996-01-31 08:58:12 UTC
Raw Date: Wed, 31 Jan 1996 16:58:12 +0800
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
MIME-Version: 1.0
Content-Type: text
> >Much more likely, IMHO, than a Java sniffer is a Java Trojan horse that pops
> >up an innocuous dialog box and asks you to enter some sensitive piece of
> >information, then sends it off somewhere. About all it takes to write that is
> >a modicum of skill in user interface design. You could write it in any
> >programming language, but in Java it may be particularly effective, since
> >people may come to expect to be prompted for sensitive info over the net by
> >Java apps. Maybe the Java folks who just left Sun decided to seize the
> >opportunity ;>
> >
> >Futplex <futplex@pseudonym.com>
> >
> A very realistic scenario - any comments or reasons it can't happen ??
> second question:
> How can you be sure you receive the applet that you "think" you've requested ?
>
> Any illuminating comments to assist my awareness of java ?

Not that this can't happen, but as I understand it, Java puts up a rather
distinctive popup, so that you know that it's Java doing it. As people
are on the net, I wouldn't expect them to be so stupid as to answer a
"Please enter your password" prompt with anything meaningful. As to your
second question, I think that this is rather outside the scope of the Java
system's control.

I guess what I'm trying to say is that there's only so much you can do to
protect people from themselves. As with anything else, Java won't prevent
you from doing something stupid - nor IMO should it. If that were true,
we'd all still be riding in buggies pulled by horses.
--
Ed Carp, N7EKG Ed.Carp@linux.org, ecarp@netcom.com
214/993-3935 voicemail/digital pager
800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key an88744@anon.penet.fi
"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul. Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"
-- "Losing Your Mind", Karen Alexander and Rick Boyes