|
PureBytes Links
Trading Reference Links
|
WARNING
This web site puts a security alert on your computer. Do not go there
unless you want your browser to have a "security alert' appear each time
you open it.
----------
> From: Gerrit Jacobsen <gerrit.jacobsen@xxxxxxxxxxxxxxxxxx>
> To: omega-list@xxxxxxxxxx
> Subject: IE 3.0 Warning - TS system snooping ?
> Date: Monday, March 02, 1998 6:16 AM
>
> Bob Brickey has published this very valuable warning regarding the
> IE 3.0.
>
> Anyone who wants to check further on this and other security
> subjects should have a look at
>
> http://www.digicrime.com/
>
> Have fun and suspense. (not for the faint hearted)
>
> Gerrit Jacobsen
>
>
>
> > First, It's important to distinguish between Java
> > applications and applets. Both wirtten in Java,
> > applets are compiled bytecode files residing on the
> > host machine which are d/l'd and executed within the
> > Browsers environment. This is done by the ClassLoader
> > puting the bytecode into memory and then being verified
> > so as not to violate security restrictions. Some of those
> > restrictions are the inability to read/write to the local
> > filesystem. Java applications, OTOH, have the potential
> > to do more harm because there is some level of trust
> > assumed between the remote host and the local host. RMI,
> > remote method invocation, does what it suggests.
> > Look, i'm not trying to start an out-of-context
> > thread in this list, and i'm sure that there are devious
> > little madhackers chipping away at potential loopholes in
> > the Java Spec. But the fact is that it's going to take more
> > than a malicious webmaster to mung up your machine.
> > Java applets running in a browser that don't prompt
> > you for any input or send anything back to the remote host
> > are harmless. perod. If you're not comfortable with that, you can
> > disable it. just my .02 lantern@xxxxxxxxx
> >
> >
> >
> > On Tue, 24 Feb 1998, Jim Lovejoy wrote:
> >
> > > Thanks for the warning! I personally use IE4.0 without Active
> > > Desktop and have not had one problem with it yet on Win95 OSR2.
> > >
> > > Question...
> > >
> > > It was my understanding that Javascript (being a scripting
> > > language) is not dangerous. Mainly because it is embedded in html
> > > and not a downloading executable. Is this true?
> > >
> > > On the other hand Java applets (small executable programs) have
> > > the potential to damage but no one has figured out away yet. This
> > > is because Java was not designed to machine level like C or CGI.
> > > Is this true?
> > >
> > > Just want to make sure my facts are right.
> > >
> > > Jim Lovejoy
> > > fastgroup@xxxxxxxxxx
> > > Pain is inevitable... Misery is optional.
> > > -Unknown
> > >
> > > -----Original Message-----
> > > From: Scientific Approaches <sci@xxxxxxxxxx>
> > > To: Omega Mailing List <omega-list@xxxxxxxxxxxxxxx>
> > > Date: Tuesday, February 24, 1998 2:37 PM
> > > Subject: Internet Explorer 3.0 Warning
> > >
> > >
> > > >This doesn't have anything to do directly with trading, but
> > > >almost everyone on this list uses web browers, so you may find it
> > > >interesting.
> > > >
> > > >Hoaxes about how email viruses can damage your computer and other
> > > >such things are prevalent on the Internet. Almost all such
> > > >stories are total nonsense.
> > > >
> > > >However, there is a significant risk you should be aware of.
> > > >Microsoft Internet Explorer Version 3.0 has a major security hole
> > > >that allows any webmaster to take control of your Windows desktop
> > > >- including accessing any confidential files on your computer.
> > > >Webmasters can do almost anything you can do sitting at your
> > > >computer. They can upload files, download files, search and
> > > >replace text in files, delete files, and run programs. They can
> > > >leave software that will give them repeated access each time you
> > > >log back
> > > on
> > > >the Internet in the future.
> > > >
> > > >The problem was a major embarrassment to Microsoft. Microsoft
> > > >released Version 3.01 to fix the problem, but within hours a
> > > >teenager in California circumvented their fix and published a
> > > >work-around on the web. Microsoft then released Version 3.02 to
> > > >block his work-around.
> > > >
> > > >If you are using MSIE 3.0, seriously consider updating either to
> > > >3.02 (a small update) or to 4.x (a major upgrade, and one I don't
> > > >recommend if you are using Win95 or WinNT). Another option is to
> > > >switch to a Netscape browser (my personal preference). You can
> > > >obtain free Microsoft browsers from:
> > > >
> > > > http://www.microsoft.com/
> > > >
> > > >and free Netscape browsers from:
> > > >
> > > > http://www.netscape.com/
> > > >
> > > >However, you should know that all HTML 4.0 compliant browsers,
> > > >including recent versions of both Microsoft and Netscape
> > > >browsers, expose your computer to malicious damage, because they
> > > >support the automatic
> > > downloading
> > > >and execution of small computer programs, called applets, that
> > > >add pizzazz to many web sites. Simple applet programs do such
> > > >things as change the color of a button when the mouse cursor
> > > >moves over it or display a message in the status bar to give web
> > > >site visitors more information about a link. They can make web
> > > >pages bounce, shimmy, sing and gyrate. They also are commonly
> > > >used to do such things as validate forms before visitors submit
> > > >them and to produce sophisticated graphics animation. They
> > > >provide the means to do lots of "neat" things, but they also
> > > >provide the means to automatically download and execute programs
> > > >you won't even know about that can damage your computer.
> > > >
> > > >Restrictions have been imposed on what automatically downloaded
> > > >applets can do, but they can be circumvented by knowledgeable
> > > >programmers. You can protect yourself from that risk by
> > > >switching off applet support in your browser setup options. The
> > > >terminology is different in different browsers. Look for
> > > >JavaScript, Jscript, Java Applet, VB, or ActiveX support. You
> > > >may not want to do that if you like the gimmicks on leading-edge
> > > >web sites, but it eliminates the risk of potentially nasty
> > > >consequences.
> > > >
> > > > -Bob Brickey
> > > > Scientific Approaches
> > > > sci@xxxxxxxxxx
> > > >
> > >
> >
> >
|