Re: Java Hole: Web Graffiti & Covert Channels

To: "Donald T. Davis" <don@cam.ov.com>
Subject: Re: Java Hole: Web Graffiti & Covert Channels
From: Chytracek Radovan <chytrace@saske.sk>
Date: Mon, 13 May 1996 11:30:11 +0200 (MET DST)
cc: Jacob Rose <jacob@hummingbird.whiteshell.com>, www-security@ns2.rutgers.edu
In-Reply-To: <199605101608.MAA01266@gza-client1.cam.ov.com>

On Fri, 10 May 1996, Donald T. Davis wrote:

> >> the idea [is] that a user hitting any site on the web after activating
> >> the trojan horse applet, will see whatever it is the trojan horse wants
> >> them to see by REDIRECTING the URL locations to the hacker server ...
> 
> jacob rose replied: 
> > Goodness, everyone.  This is not a bug in Java!  You can do this with a
> > CGI script!  ...  So, really, this problem has nothing to do with Java,
> > it's simply a consequence of hypertext.
> 
> the point of the complaint, is that java is supposed to be more
> secure than CGI; that's one of java's main design goals, and one
> which java has consistently failed to meet.
> 					    -don davis, boston
> 
I'd say that Java is safe but the programs written in Java are not safe !


#=============================================================#
# Radovan Chytracek     Slovak Academy of Sciences            #
#                       Watsonova 47,Kosice,04001,            #
#                       Slovak Republic                       #
# phone: +42 95 633 2741-2 , ext. 156  fax : +42 95 633 6292  #
#===================#=========================================#
# Linux iii  is the #            chytrace@saske.sk            #
# best (0 0) choice #      http://www.saske.sk/~chytrace      #
#===ooO==U==Ooo=====#=========================================#

References:

Re: Java Hole: Web Graffiti & Covert Channels

From: "Donald T. Davis" <don@cam.ov.com>

Previous: Re: Protected Page...
Next: Re: Protected Page...
Index(es):
- Index
- Thread