[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Please send cash

To: [email protected]
Subject: Re: Please send cash
From: [email protected] (Dr. Frederick B. Cohen)
Date: Tue, 31 Oct 1995 21:26:35 -0500 (EST)
Cc: [email protected]
In-Reply-To: <[email protected]> from "[email protected]" at Oct 31, 95 09:12:55 pm
Sender: [email protected]

> > While HotJava prevents applets from actively opening connections that
> > violate the user-selected security policy, it allows an applet to accept
> > connections from anywhere.  At this point, an applet only has to use any one
> > of a number of channels to communicate where it is, and have the remote end
> > do the active open.
> 
> What if I start a Java applet then send it a faked TCP/IP packet from another 
> host? Can I hotwire an outgoing connection that appears to be from the victim 
> host?

I think so.

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

References:
- Re: Please send cash
  - From: [email protected]

Prev by Date: Re: Digicash on Scientific American
Next by Date: Re: Important Digital Cash Question...
Prev by thread: Re: Please send cash
Next by thread: From Bill Frezza: Electronic Warfare
Index(es):
- Date
- Thread