From: Mutant Rob <wlkngowl@unix.asb.com>
To: John Young <jya@pipeline.com>
Message Hash: f59ccd317d9012a7388425d8a8727a892616f8c70b7a4f8720e9488b0e9df4b6
Message ID: <31591D05.5998@unix.asb.com>
Reply To: <199603261558.KAA25648@pipe1.nyc.pipeline.com>
UTC Datetime: 1996-03-27 14:30:48 UTC
Raw Date: Wed, 27 Mar 1996 22:30:48 +0800
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Wed, 27 Mar 1996 22:30:48 +0800
To: John Young <jya@pipeline.com>
Subject: Re: WSJ on Big Java Flaw
In-Reply-To: <199603261558.KAA25648@pipe1.nyc.pipeline.com>
Message-ID: <31591D05.5998@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain
John Young wrote:
> Wall Street Journal, March 26, 1996, p. B4.
> Researchers Find Big Security Flaw In Java Language
> By Don Clark
>
> A team of Princeton University researchers said they
> discovered the most serious security flaw yet in the widely
> used Java programming language from Sun Microsystems Inc.
>
> The flaw could make it possible for unscrupulous hackers to
> destroy files or cause other types of damage on any
> personal computer that uses Netscape Communications Corp.'s
> Navigator program, said Edward Felten, a Princeton
> assistant professor of computer science who helped discover
> the flaw.[..]
> Mr. Felten said that unscrupulous people who discovered the
> flaw could boobytrap a Web page on the Internet,
> essentially seizing control of the browser software of any
> PC that tapped into that page. At that point, the hackers
> could read or delete an entire hard disk of data files.
> "The consequences of this flaw are as bad as they can be,"
> he said.[..]
The generalized halting problem comes to mind...
Since it can be proved that there's no complete set of heuristics
to tell if a given program has a characteristic (such as "secureness")
then sooner or later someone will discover another security flaw.
A question is whether a simple patch is made or if the set of heuristics
is widened (ie, learn from mistakes) so that similar flaws can be found
based on knowledge of that one flaw.
Return to March 1996
Return to “Mutant Rob <wlkngowl@unix.asb.com>”