[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)




> Much more likely, IMHO, than a Java sniffer is a Java Trojan horse that pops 
> up an innocuous dialog box and asks you to enter some sensitive piece of
> information, then sends it off somewhere. About all it takes to write that is
> a modicum of skill in user interface design. You could write it in any 
> programming language, but in Java it may be particularly effective, since 
> people may come to expect to be prompted for sensitive info over the net by 
> Java apps. Maybe the Java folks who just left Sun decided to seize the
> opportunity ;>

	But both Sun's and Netscape's implementations make Frame (new
toplevel) windows have "Untrusted Applet Window" sprawled across the
bottom of them.

	On a (kinda) related note someone from Sun posted to c.l.java
that they're going to be releasing a signing mechanism for applets 
soon.  You'll be able to verify that the code comes from where it
says it does so at least when it steals your CC# you'll know whom to
go hunt down.

---
Fletch                                                     __`'/|
[email protected]  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------