[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hack Java




| On Tue, 23 Jan 1996, Benjamin Renaud wrote:
| 
| > Yes. And if you also let an intruder in your house, have them sit at
| > your computer with your newborn child in the room and go on vacation,
| > things can get really, really nasty.
| 
| I guess that wu-ftp never was distributed with security holes.  Never 
| heard of anyone distributing maliscious lookalike packages.  How many 
| folks do you think downloaded the linux-JDK and use it without checking 
| it out first.  That takes care of the compiler.  And distributing bad 
| netscape or other browsers is childs play.  So I guess your newborn is 
| relevant.
| 
| Stick to your belief that Java is secure because, darn it, it just would 
| be hard for anyone to do bad things with it.  Please.

I think what we should worry about is the second-order effects of
Java; how will the world look like when Java is everywhere?

We should also not discount the "social" effects; what will people
do to try to circumvent the "stupid" safeguards that Java will be
distributed with.

I have earlier heard the opinion from the Java team (I believe) that
this is not "Java's fault", and I can understand that standpoint.
My opinion is still that the net result (pun intended!) is even weaker 
security, because of these two reasons above. 

(In my darker moments, I feel that the whole field of computer security
is in a major crisis. Ever heard of the Emperor's New Clothes? ;-))

Just some mumbling from,
	Christian Wettergren