[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: java security



-----BEGIN PGP SIGNED MESSAGE-----

At 08:44 PM 03/29/96 -0700, [email protected] (Rollo Silver) wrote:

>I'd like to hear from coderpunks/cypherpunks having ideas about how to
>break it, especially if you don't have the time/energy to pursue the idea
>to fruition yourself.

I wonder if it's possible to _subvert_ Java. That is, have site "A" send
along some modifications to a Java class, so that when the user logs into
site "B" (which calls that class), Nasty Things Happen. What site "A" does
raises no alarm flags _until_ site "B" trips the trigger - making it look
like site "B" is the Bad Guy.

(WARNING! CDA Violation!) Hell, you might even be able to spread the
modifications around some, so that it's even less obvious where they were
done. Maybe even use the technique to modify Java itself, thus disabling
security controls.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVv4Y8VrTvyYOzAZAQEt3wP+JBpJtTLoBLuMSqWpl6b8qSsIiIVXi6fh
9JiK9xfOEptPljW1Ca/KhHNmX8wHpUyR8U8vU4XZKraAAqcGiPlHO4ojuaJfa87I
LgkKGuSlsmaA7VSIZc7NkjH87B+IRhMgk5IkAE15StGyDAh9ugEm1e8X0PZjcDV0
HgokmdQMppA=
=XHYT
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm