VANAGON archives -- June 1996 (#541)

Date: Sat, 8 Jun 1996 23:53:09 -0700 Sender: Vanagon Mailing List <vanagon@vanagon.com> From: rickgo@halcyon.com (Rick Gordon) Subject: re Java "virus"

While not to "completely" discount the "java virus" notion, you should probably be aware that this "Black Widow virus" is nothing more than a 'denial of service' attack. I.e. it would supposedly use up all your RAM and/or make your computer crash as a result. Not really a Java-specific problem, although Java certainly makes it a little easier.

I'm not sure if its really a "virus" since I don't think it is a self-replicating entity - I think its just an applet that runs on your computer until it crashes. To avoid it, don't visit the Web page you hit when it crashed!

While JavaScript (which has nothing to do with Java) is capable of accessing data such as your email address if you stored it in Netscape's preferences, its otherwise considered pretty benign. As to the language Java, there is a security hole, one of which remains outstanding in the 1.0.2 release, but I don't know the details and probably won't until they distribute a fix!

My point is simply that, while Java may not yet be "entirely" secure, its NOT that big a threat to one's everyday computing. Indeed, if you turn it off, you may be missing out on the next revolution sweeping the net. (I've been doing Java-related work for a few months now, and now that I'm past the hype stage I'm starting to really like it! Now if we just had a decent debugger!)

-rick

>>The VA Austin Automation Center (AAC) has received a message from the >>Department of Defense regarding a computer virus on the World Wide >>Web. If you have anyone at your station using Netscape version 2.0 or >>2.1, you should have them disable Java ASAP to avoid the possibility of >>picking up a Java virus. Message from DOD follows: >> >> URGENT! URGENT! URGENT! URGENT! URGENT! URGENT! >> >> WHAT IS THE PROBLEM -- A hostile Java applet is stalking the World >> Wide Web. It is a Black Widow Java called JAVA. Princeton University >> Researchers have found hostile java applets on the World Wide Web. >> They reside on web sites set up with a malicious intent, and are >> downloaded and executed automatically when an innocent user visits >> that site. >> >> WHAT IT COULD DO -- These Java applets are programs that can destroy >> data and interfere with your network. They may even upload sensitive >> material to a third party. >> >> WHO DOES THIS APPLY TO -- This applies to all users using >> Netscape Navigator 2.0 or Netscape Navigator 2.01. >> >> HOW TO PROTECT YOURSELVES -- The (DOD) Computer Emergency >> Response Team (CERT) staff recommends disabling Java in Netscape >> Navigator 2.0 or Netscape Navigator 2.01 until patches are available.

Rick Gordon Bainbridge Island, WA, USA ------------------------------------- rickgo@halcyon.com http://www.halcyon.com/rickgo/ KC7QEG finger for PGP public key fingerprint -------------------------------------

Back to: Top of message | Previous page | Main VANAGON page

Please note - During the past 17 years of operation, several gigabytes of Vanagon mail messages have been archived. Searching the entire collection will take up to five minutes to complete. Please be patient!

Return to the archives @ gerry.vanagon.com

The vanagon mailing list archives are copyright (c) 1994-2011, and may not be reproduced without the express written permission of the list administrators. Posting messages to this mailing list grants a license to the mailing list administrators to reproduce the message in a compilation, either printed or electronic. All compilations will be not-for-profit, with any excess proceeds going to the Vanagon mailing list.

Any profits from list compilations go exclusively towards the management and operation of the Vanagon mailing list and vanagon mailing list web site.