Re: open socket in java

tobyPEOPLESEARCH.COM.AU

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Russell Fulton: "Re: No Security is Bad Security:"
• Previous message: Shok: "Update on w00w00 article (bug report)"
• Maybe in reply to: nino: "open socket in java"
• Next in thread: Aviram Jenik: "Re: open socket in java"

nino worte:
<snip>
>
> The implications are obvious. If any host can connect to the machine
> running the aplet, you could tell java to do things like the boserver.
> If
> you have a completely open socket, its rock n' roll !
>
<snip>

I may be missing something here, but from what I understand of the bug
it _doesn't_ constitute a major security issue. All it means is that we
have an open socket to a Java APPLET - (note: *not* a Java application)
- running on the machine, and are still subject to the "sandbox"
restrictions that applets have. We can't read/write files on the local
machine or do anything that we couldn't do with an applet anyway.

Please correct me if I'm wrong, but I don't think it's anything to get
too excited about kiddies - the Java/Javascript combo that let's you
read files (posted on bugtraq a month or so ago) is much more
interesting :)

Stay cool,
Toby

• Next message: Russell Fulton: "Re: No Security is Bad Security:"
• Previous message: Shok: "Update on w00w00 article (bug report)"
• Maybe in reply to: nino: "open socket in java"
• Next in thread: Aviram Jenik: "Re: open socket in java"