[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape Communicator Security Problem-Java (fwd)



Forward of a Forward
>
>
>A friend sent this to me-- thought you all might find it interesting.
>
>Seems like anyone who chooses to run either of "the big two" browsers is
just leaving their system open to any and all snooping eyes and malicious
pranksters.  With LYNX now having the capability to navigate frames and
manipulate "cookies" I know which browser and OS I'll be sticking with.
>
>

>Status: RO
>
>On Mon, 7 Apr 1997 13:00:10 -0400, in alt.privacy you wrote:
>
>>Fair use exerpts from:
>>
>>Communicator security takes a risk 
>>By Nick Wingfield
>>April 4, 1997, 4:45 p.m. PT 
>>
>>Beginning this week, Navigator users will have to
>>learn to trust their browsers a bit more. 
>>
>>Yesterday, Netscape Communications (NSCP)
>>gave developers a peak at "preview release 3" of
>>Communicator, the first version of its browser to use
>>Java's new "flexible" security model. 
>><snip>
>>
>>The new security model has been designed not to be
>>more risky, of course, but to free Java programs
>>from some of the constraints traditionally placed
>>upon them. Sun has had to change the security
>>model so that applets can perform new useful
>>functions such as reading files stored on the hard
>>disk or writing new files to the disk. But in the
>>process, Sun is asking users to take security risks
>>that up until now have been associated with the
>>ActiveX controls that can already perform these
>>functions. 
>><snip>
>>
>>                
>>Microsoft's Internet Explorer 3.0 has permitted Java
>>applets to go outside the sandbox since last year. To
>>try and make up for the security risk this poses, it
>>created a feature called Authenticode to alert users
>>whenever an uncertified applet or control is about to
>>be downloaded. That way, the user knows precisely
>>when a potentially dangerous piece of code is
>>encountered. 
>>
>>As with ActiveX controls, users will have to trust
>>developers not to mess with their computers. For
>>their part, developers will be required to stamp their
>>Java programs with digital signatures that make them
>>easy to track down if their code does something
>>malicious to a user's computer. 
>>
>>"It's typically hypocritical of Netscape to criticize
>>Authenticode when they are building exactly the
>>same mechanism into Communicator," said
>>Cornelius Willis, director of platform marketing at
>>Microsoft. 
>>

Is this an opportunity for Inferno?

It looks like it might be  (of course people would have to first install
Inferno on their PC's -- but they should anyway
                        Ted
***************************************************************************
Ted Kochanski, Ph.D.
Sensors Signals Systems  ---  "Complex Systems -- Analysis and Architecture"
--- "Inferno-ware"
http://www.sensorsys.com
e-mail tpk@sensorsys.com   phone (617) 861-6167  fax  861-0476
11 Aerial St., Lexington, MA 02173