Date: Sat, 8 Jun 1996 23:53:09 -0700
Sender: Vanagon Mailing List <vanagon@vanagon.com>
From: rickgo@halcyon.com (Rick Gordon)
Subject: re Java "virus"
While not to "completely" discount the "java virus" notion, you should probably
be aware that this "Black Widow virus" is nothing more than a 'denial of
service' attack. I.e. it would supposedly use up all your RAM and/or make
your
computer crash as a result. Not really a Java-specific problem, although
Java certainly makes it a little easier.
I'm not sure if its really a "virus" since I don't think it is a
self-replicating entity - I think its just an applet that runs on your
computer until it crashes. To avoid it, don't visit the Web page you hit
when it crashed!
While JavaScript (which has nothing to do with Java) is capable of
accessing data such as your email address if you stored it in Netscape's
preferences,
its otherwise considered pretty benign.
As to the language Java, there is a security hole, one of which remains
outstanding in the 1.0.2 release, but I don't know the details and probably
won't until they distribute a fix!
My point is simply that, while Java may not yet be "entirely" secure, its
NOT that big a threat to one's everyday computing. Indeed, if you turn it
off, you may be missing out on the next revolution sweeping the net. (I've
been doing
Java-related work for a few months now, and now that I'm past the hype
stage I'm starting to really like it! Now if we just had a decent
debugger!)
-rick
>>The VA Austin Automation Center (AAC) has received a message from the
>>Department of Defense regarding a computer virus on the World Wide
>>Web. If you have anyone at your station using Netscape version 2.0 or
>>2.1, you should have them disable Java ASAP to avoid the possibility of
>>picking up a Java virus. Message from DOD follows:
>>
>> URGENT! URGENT! URGENT! URGENT! URGENT! URGENT!
>>
>> WHAT IS THE PROBLEM -- A hostile Java applet is stalking the World
>> Wide Web. It is a Black Widow Java called JAVA. Princeton University
>> Researchers have found hostile java applets on the World Wide Web.
>> They reside on web sites set up with a malicious intent, and are
>> downloaded and executed automatically when an innocent user visits
>> that site.
>>
>> WHAT IT COULD DO -- These Java applets are programs that can destroy
>> data and interfere with your network. They may even upload sensitive
>> material to a third party.
>>
>> WHO DOES THIS APPLY TO -- This applies to all users using
>> Netscape Navigator 2.0 or Netscape Navigator 2.01.
>>
>> HOW TO PROTECT YOURSELVES -- The (DOD) Computer Emergency
>> Response Team (CERT) staff recommends disabling Java in Netscape
>> Navigator 2.0 or Netscape Navigator 2.01 until patches are available.
Rick Gordon
Bainbridge Island, WA, USA
-------------------------------------
rickgo@halcyon.com
http://www.halcyon.com/rickgo/
KC7QEG
finger for PGP public key fingerprint
-------------------------------------