From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: 214bf0c0207655a3289255b802c6e16dfa91fa9d1fdb2fbe0fb48308259a8415
Message ID: <199603261558.KAA25648@pipe1.nyc.pipeline.com>
Reply To: N/A
UTC Datetime: 1996-03-27 16:42:14 UTC
Raw Date: Thu, 28 Mar 1996 00:42:14 +0800
Subject: WSJ on Big Java Flaw

Wall Street Journal, March 26, 1996, p. B4.

Researchers Find Big Security Flaw In Java Language

By Don Clark

A team of Princeton University researchers said they
discovered the most serious security flaw yet in the widely
used Java programming language from Sun Microsystems Inc.
The flaw could make it possible for unscrupulous hackers to
destroy files or cause other types of damage on any
personal computer that uses Netscape Communications Corp.'s
Navigator program, said Edward Felten, a Princeton
assistant professor of computer science who helped discover
the flaw.

Netscape Navigator, which uses Java, is the most popular
software for browsing the Internet's World Wide Web. Java
enables the creation of tiny programs, called applets, that
are transferred from a Web site on the Internet to a PC
running Netscape Navigator.

Mr. Felten said that unscrupulous people who discovered the
flaw could boobytrap a Web page on the Internet,
essentially seizing control of the browser software of any
PC that tapped into that page. At that point, the hackers
could read or delete an entire hard disk of data files.
"The consequences of this flaw are as bad as they can be,"
he said.

Sun, a computer maker based in Mountain View, Calif.,
acknowledged the problem. "This one is a serious bug," said
Marianne Mueller, a senior Sun engineer specializing in
security issues.

The company, alerted by Princeton on Friday, is already
testing a software fix it has developed for the program and
hopes to distribute it to Netscape and other users in about
two days. Those companies are then expected to distribute
updated versions of their Web browsers or other products to
users.

"We plan to fix it and get it out to our customers as fast
as we can," said Jeff Treuhaft, a Netscape product manager.

Java was originally touted by Sun as a secure language. But
at least two other flaws have already been discovered in
the technology, including a less-serious problem uncovered
by the Princeton team last month. Sun's Ms. Mueller said
the problems have been correctable details in the way the
Java code is written, not problems with its basic design.

[End]