From: mrm@netcom.com (Marianne Mueller)
To: gcg@pb.net
Message Hash: 2bf84061d55898fadacb901ed35f159d30cc5e7800c03eaee7e23e858700555f
Message ID: <199605240129.SAA00250@netcom20.netcom.com>
Reply To: <2.2.32.19960523202049.006a6eac@mail.pb.net>
UTC Datetime: 1996-05-24 05:54:33 UTC
Raw Date: Fri, 24 May 1996 13:54:33 +0800
From: mrm@netcom.com (Marianne Mueller)
Date: Fri, 24 May 1996 13:54:33 +0800
To: gcg@pb.net
Subject: Re: VIRUS ALERT: Java virus that affects Netscape 2.0 & 2.01.
In-Reply-To: <2.2.32.19960523202049.006a6eac@mail.pb.net>
Message-ID: <199605240129.SAA00250@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
We've reached urban legend time for Java...?
There is no Java virus known as "Black Widow". There was a melodramatic
web article about Java security that used the title "Black Widow", a pun
on the web. The article focused mostly on the danger of denial-of-service
applets that consume resources on the client. While rude, annoying, and
potentially the cause of losing unsaved edits in a word processor, (if you
were flumoxed and panic'd and instead of killing your browser, you
rebooted your computer and lost any pending edits) denial-of-service
applets are *not* viruses. And they are not stalking the web. Really.
I work on Java security at JavaSoft which is part of Sun, and try to keep
our web page up to date. See http://java.sun.com/sfaq/ for info.
In the "for what it's worth dept", the security breaches that have gotten
so much press are fixed in JDK 1.0.2, our current release, and in NN3.0b4.
This includes the bug mentioned in the May 18 NY Times story.
Marianne
Return to May 1996
Return to “Simon Spero <ses@tipper.oit.unc.edu>”