Re: Java Hole: Web Graffiti & Covert Channels

• To: Jacob Rose <jacob@hummingbird.whiteshell.com>
• Subject: Re: Java Hole: Web Graffiti & Covert Channels
• From: "Donald T. Davis" <don@cam.ov.com>
• Date: Fri, 10 May 1996 12:08:39 -0400
• Cc: www-security@ns2.rutgers.edu
• In-reply-to: Your message of "Fri, 10 May 1996 08:07:49 EDT." <Pine.ULT.3.91.960510075405.21748B-100000@hummingbird.whiteshell.com>

>> the idea [is] that a user hitting any site on the web after activating
>> the trojan horse applet, will see whatever it is the trojan horse wants
>> them to see by REDIRECTING the URL locations to the hacker server ...

jacob rose replied: 
> Goodness, everyone.  This is not a bug in Java!  You can do this with a
> CGI script!  ...  So, really, this problem has nothing to do with Java,
> it's simply a consequence of hypertext.

the point of the complaint, is that java is supposed to be more
secure than CGI; that's one of java's main design goals, and one
which java has consistently failed to meet.
					    -don davis, boston

• Re: Java Hole: Web Graffiti & Covert Channels
• From: Chytracek Radovan <chytrace@saske.sk>
• Re: Java Hole: Web Graffiti & Covert Channels
• From: Dan Stromberg <strombrg@hydra.acs.uci.edu>
• Re: Java Hole: Web Graffiti & Covert Channels
• From: Jacob Rose <jacob@hummingbird.whiteshell.com>

• Re: NON-DELIVERY of: RE: Java Hole: Web Graffiti & Covert Channels
• From: Jacob Rose <jacob@hummingbird.whiteshell.com>

• Previous: Re: Dear friends,
• Next: Re: Verisign and Certificates
• Index(es):
  • Index
  • Thread