Re: Java and trojans: any last words before Netscape 2.0 is out?

To: Prentiss Riddle <riddle@is.rice.edu>
Subject: Re: Java and trojans: any last words before Netscape 2.0 is out?
From: Adam Jack <ajack@corp.micrognosis.com>
Date: Tue, 19 Sep 1995 20:03:08 -0400 (EDT)
Cc: comp-security-misc@news.cs.utexas.edu, alt-security@news.cs.utexas.edu, hotjava-interest@java.sun.com, www-security@ns2.rutgers.edu
In-Reply-To: <199509191723.MAA08151@is.rice.edu>

On Tue, 19 Sep 1995, Prentiss Riddle wrote:

> Netscape Communications Corp. has announced the impending release of a
> beta version of Netscape 2.0 to include Java support.
> 
> Is there anything to add to this assessment?  Are we walking knowingly
> into a significant decrease in the security of the average Internet
> site?  Should security-minded sysadmins ban Java and Netscape 2.0 from
> their systems?
>
    If people have more to loose than gain and are worried about this
    release - then let them set their firewall HTTP proxy to block all
    requests to URLs of the form http://..../*.class.

    Note - I don't know wether Netscape introduced a new extension for
    their Java-like scripts - but if they did it might be worth 
    considering restricting responses with a MIME content of 
    "application/octet-stream".

    Hopefully - they can then work out their own policies in their own
    good time.

> [Note the wide crossposting.  I would like to see an open discussion
> between between the Java and security communities on this issue.  If
> you agree that's a good idea, please direct followups via mail to:

    I think it might be a tad late for a last ditched discussion on
    the topic. I can't see Netscape/Lawyers/Sun changing their minds :-)

    Adam
--
+1-203-730-5437 | http://www.micrognosis.com/~ajack/index.htm

References:

Java and trojans: any last words before Netscape 2.0 is out?

From: riddle@is.rice.edu (Prentiss Riddle)

Previous: No Subject
Next: Re: Java and trojans: any last words before Netscape 2.0 is out?
Index(es):
- Index
- Thread