|
search / subscribe / upload / contact |
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
| RSS-Feed Depeschen |  |
|
|
||
|
||
Date: 1998-07-18
Boeses Sicherheits/loch im Navigator-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- Bösartige Java applets können die "security controls" des Brausers ausschalten, womit er schutzlos gegen Angriffe aller Arten ist. Netscape spielt den Fall herunter, die Entdecker des Bugs machen für die Unsicherheit auf Java's "security architecture" zurück. Nur für die 4.5 Betaversion des Navig/ & Communic/ator wurde das Sicherheits/loch geflickt -.-.- --.- -.-.- --.- -.-.- --.- CNET NEWS.COM July 17, 1998, 12 p.m. Just in the nick of time for its Communicator 4.5 beta release, Netscape Communications has moved to fix a serious security hole that affects certain versions of its Web browser. The flaw, discovered and brought to Netscape's attention by the Secure Internet Programming group at Princeton University, lets a malicious Java applet disable the browser's security controls, leaving the user's computer defenseless against attacks over the Internet. "The potential consequences are as severe as they could be," said SIP director Edward Felten. "Once you penetrate the security of the browser, then there isn't more protection. Someone can write an applet that can seize control of the victim's machine and delete or modify files, spread viruses, or whatever." ... While emphasizing that the company takes all security breaches seriously, Netscape executives downplayed the threat posed by this particular hole. ... The flaw, which affects only versions 4.0x of Netscape's Navigator browser, lies in the implementation of what are called "class loaders" in the Java programming language. These units load and put together classes, or units of Java code, within the Java virtual machine (JVM), the software that lets applications written in Java run on multiple platforms. ... While the flaw discovered in this case is specific to the Navigator 4.0x browsers, Felten and his group lay much of the blame with the Java security architecture. ... Princeton's SIP notified Netscape last week about the hole, and the company said it had patched the hole in time for the beta release of Communicator 4.5. For those using Communicator Versions 4.01 to 4.05, Netscape in the next few weeks will post another revision of the 4.0x browser with the hole patched. Full text http://www.news.com/News/Item/0,4,24335,00.html http://www.news.com/News/Item/Textonly/0,25,24335,00.html?st.ne.ni.pfv -.-.- --.- -.-.- --.- -.-.- --.- TIP Download free PGP 5.5.3i (Win95/NT & Mac) http://keyserver.ad.or.at/pgp/download/ -.-.- --.- -.-.- --.- -.-.- --.- - -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- edited by Harkank published on: 1998-07-18 comments to office@quintessenz.at subscribe Newsletter - -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- 
|
|
|
 |
CURRENTLY RUNNING |
q/Talk 1.Juli: The Danger of Software Users Don't Control
|
|
|
!WATCH OUT! |
bits4free 14.Juli 2011: OpenStreetMap Erfinder Steve Coast live in Wien
|
|