
Re: Deutsche Bank / Software

At 18.02.1998, 11:18 +0100 you wrote:

>That can happen to you with any other module.  Blaming Java or the JVM
>for it shows a lack of knowledge.

"One of the touted features of the Java interpreter in Netscape's Navigator
and Microsoft's Internet Explorer is that applets cannot leave the controlled
environment. This is tantamount to claiming that Java is secure.
It has been shown that this is far from true. Felten and his team at
Princeton (http://www.cs.princeton.edu/sip/ - new URL from me - dl) have
broken Java's type system. In addition, they have shown numerous system-level
flaws in several of the interpreters. The result is that Java applets can
violate the intended security policy and can even run native code on the
client machine. David Hopwood at Oxford
(http://www.dice.ucl.ac.be/crypto/olivier/cq/msgs3/msg00000.html - new URL
from me - dl) has discovered several novel ways of breaking Java security
as well.
[...] The result is that the attacker who serves the applet gains complete
control of the client host."

Rubin et al: Web Security Sourcebook, Wiley, New York 1997

(But it could just as well have been any other book on the subject of Internet security)


Papernet:               | Internet: Dierk.Lucyga@uni-konstanz.de
Dierk Lucyga            | Voicenet: +49 7531 88 2404
Universitaet Konstanz   |----------------------------------------
D-78434 Konstanz        | PGP, MIME and eCards accepted.
Above posting does not necessarily tally with my employer's point of view.