Re: JavaScript to grab email (fwd)

• To: "Robert S. Muhlestein" <robertm@teleport.com>
• Subject: Re: JavaScript to grab email (fwd)
• From: George Spafford <gspaff@execpc.com>
• Date: Fri, 23 Feb 1996 09:30:59 -0500
• Cc: www-security@ns2.rutgers.edu

At 12:37 PM 2/22/96 -0800, you wrote:
>On Thu, 22 Feb 1996, George Spafford wrote:
>
>> >From: Jyri Kaljundi <jk@digit.ee>
>> >To: cypherpunks@toad.com
>> >Subject: JavaScript to grab email
>> >Date: Tue, 20 Feb 1996 16:33:21 +0200 (EET)
>> >
>> >Another annoying feature in JavaScript and Netscape. Have a look at
>> ><http://www.popco.com/grabtest.htm>
>> 
>> 
>> Well, if you want to take an Orwellian perspective, a person could write a
>> script in Java to access all kinds of information on the local drive(s),
>> even take it a step further and gather information from all attached drives
>> the host has rights to.  
>
>Have you done this?  Has anyone else?  "Hooked on Java" and all the other
>info I get from Sun and others suggests local drive read and write access
>is only available to "trusted" applets (presumably a future Netscape pref
>setting).  Do you have any proof to support your claim (besides the recent
>posting about connecting to any host, which, I agree, is very scary). 
>
>Robert Muhlestein
>Teleport Creative Services
>CGI Guy
>cgi@teleport.com

This is a synopsis of what I am hearing.  This particular quote comes from
CMP Publication's 
IADAILY, which is an e-mail distributed journal, the 02-22-96 edition.

     Netscape bugged by security flaw

     A research group at Princeton University has uncovered a bug in
Netscape Communication Corp.'s 
     latest browser, Navigator 2.0. The browser, released just weeks ago
commercially after endless 
     months of beta tests, is compatible with Sun Microsystems Internet
programming language Java.

     The researchers found a way to use Java to penetrate the desktops and
networks of computer users. 
     This scenario has long been feared by critics worried about the
vulnerability of computers running 
     Java. Both Netscape and Sun say they will offer a fix on their Web
sites within a week.

     Meanwhile, Netscape officials refused to comment on reports the company
plans
     to dramatically slash prices on its line of commerce servers. Netscape
spokeswoman Andrea Cook 
     told Interactive Age Digital that Netscape plans new prices and
upgrades for its servers at the 
     Netscape developer's conference in early March.

     --Gary Brickman and Karen Rodriguez

I have also heard comments in several other newsgroups.  No, I have not
duplicated the task, just 
performing the task of a cyber-parrot and repeating what I have heard.

--G--
George Spafford
Interlink Publishing
1301 Harrison Avenue
Saint Joseph, MI 49085
USA

E-mail: gspaff@execpc.com
	il@execpc.com
WWW:	http://www.execpc.com/~il

Down the pipe, through the filters, off the censor . . . there was nothing
left but noise.

• Previous: Re: JavaScript to grab email (fwd)
• Next: Re: JavaScript to grab email (fwd)
• Index(es):
  • Index
  • Thread