[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
****Developer Recants Hostile Java Applet Story 08/06/96
SAN FRANCISCO, CALIFORNIA, U.S.A., 1996 AUG 6 (NB) --
By Patrick McKenna. Finjan Software of Israel, which earlier said its
Java security software detected what the company called a publicly
available hostile Java applet at a game site on the World Wide Web,
has issued a statement changing its earlier claims.
In the first story on the Java applet labeled "hostile" by Finjan,
Newsbytes reported early Tuesday that the Java applet in question is
part of a game available on the Web and connected to America Online.
Shmulik Suhami, spokesperson for Finjan, told Newsbytes at the time,
"We were contacted by one of our users who detected a hostile Java
applet and we have confirmed the user's experience."
Newsbytes reported Sun Microsystems' JavaSoft division reply as saying,
"This issue is totally and completely bogus. Security features built
into Java do not allow an applet to read or write to another computer
without issuing a warning message and this applet in question is not a
hostile Java applet. An individual at AT&T, acting independently of the
company, developed the applet. We suspect a file for the applet was
placed on a second system and that is probably why Finjan's software
incorrectly read it as a hostile application. Actually, this is a flaw
in Finjan's software. There is no bug or hostile application at all."
In its early story, Newsbytes also quoted a JavaSoft spokesperson
as saying, "What is going on is that the person's applet called an
audio file from a second machine and Java's security features are so
strong and restrictive that an exception is raised whenever a second
machine is called. Finjan's software appears to have read the call to
the second machine as a hostile bug."
In recanting its initial claims, Finjan released the following
statement: "We want to issue a clarification on the media alert we sent
out yesterday describing a potentially suspicious Java applet. We were
perhaps mistaken to describe the applet discovered as a 'hostile
applet,' since we did not know if it did anything damaging to a
person's system. The activity of applet described was harmless. We
misunderstood the extent of the security exception based on information
we received. Though in principal the way the app was created could
constitute a risk, in practice this was a relatively harmless breech
of security, which the Java Security Manager dealt with appropriately."
(19960805/Press Contact: Mary Jo Wagner, Successful Marketing
Strategists, tel 510-644-3837; E-mail Address: [email protected];
or Paul Karr, KVO, 415-961-1550)