[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)



On Tue, 30 Jan 1996, Mike McNally wrote:

> Rich Graves writes:
>  > Hmm. Actually, what do Java dialog prompts look like? Is there any
>  > indication that they come from Java, or can they be made to look like any
>  > dialog from any program, or the OS itself? I suppose this is
>  > implementation-dependent. 
> 
> Yes, it's completely dependent on the AWT implementation.  (Or, of
> course, on the implementation of whatever graphical library provided
> by the particular Java runtime environment in question.)
> 
> The "standard" AWT that's used in the Netscape (and maybe HotJava)
> web browsers decorates all windows applets create such that it's
> obvious they're there.  It is designed to be impossible for the applet
> itself to corrupt the AWT such that the windows don't bear that
> decoration.  (Whether the design works as advertised is a question
> worth asking, of course.)

But the fact that Java windows are obvious doesn't seem to really speak 
to the question of can they be faked from *outside* Java.

In fact, very distinctive windows for Java are likely to increase the 
success of an attack which duplicates the window decorations perfectly, 
because people will be used to it.

Eternal vigilance, etc.
J.L.
------------------------------------------------------------------------------
Jon Lasser                <[email protected]>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.