[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Java Hole: Web Graffiti & Covert Channels

To: [email protected], [email protected]
Subject: Java Hole: Web Graffiti & Covert Channels
From: Chad Owen Yoshikawa <[email protected]>
Date: Wed, 8 May 1996 19:10:00 -0700 (PDT)
Cc: [email protected], [email protected]
Sender: [email protected]

--------------------------------------------------------
Web Graffiti & High Bandwidth Covert Channels Using Java
--------------------------------------------------------

While developing a chat server using Java as a frontend, we've
been exploiting what we think is a new Java security hole in
Java-enabled browsers such as Netscape.  The hole allows for
opening sockets to arbitrary ports on web servers that serve
Trojan-horse applets.

We've also used a known security hole (covert channels) first mentioned
in work by the SIP group at Princeton to create what we call
'Web Graffiti' - the dynamic insertion of text, graphics, applets, into 
HTML pages.  

Both of these attacks are three-party attacks and require Trojan-
horse applets.  For a draft of a paper that is work in progress, 
point your browser to:

http://whenever.CS.Berkeley.EDU/graffiti/

Chad Yoshikawa		Brent Chun
[email protected]	[email protected]

Prev by Date: Re: hacktic.nl is down!!
Next by Date: re: Dempster-Shafer...(re: Transitive
Prev by thread: DigiCash agreement with Deutsche Bank
Next by thread: re: Dempster-Shafer...(re: Transitive
Index(es):
- Date
- Thread