-----BEGIN PGP SIGNED MESSAGE----- At 08:44 PM 03/29/96 -0700, rollo@artvark.com (Rollo Silver) wrote:
I'd like to hear from coderpunks/cypherpunks having ideas about how to break it, especially if you don't have the time/energy to pursue the idea to fruition yourself.
I wonder if it's possible to _subvert_ Java. That is, have site "A" send along some modifications to a Java class, so that when the user logs into site "B" (which calls that class), Nasty Things Happen. What site "A" does raises no alarm flags _until_ site "B" trips the trigger - making it look like site "B" is the Bad Guy. (WARNING! CDA Violation!) Hell, you might even be able to spread the modifications around some, so that it's even less obvious where they were done. Maybe even use the technique to modify Java itself, thus disabling security controls. Dave Merriman -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMVv4Y8VrTvyYOzAZAQEt3wP+JBpJtTLoBLuMSqWpl6b8qSsIiIVXi6fh 9JiK9xfOEptPljW1Ca/KhHNmX8wHpUyR8U8vU4XZKraAAqcGiPlHO4ojuaJfa87I LgkKGuSlsmaA7VSIZc7NkjH87B+IRhMgk5IkAE15StGyDAh9ugEm1e8X0PZjcDV0 HgokmdQMppA= =XHYT -----END PGP SIGNATURE----- ------------------------------------------------------------- "Giving money and power to government is like giving whiskey and car keys to teenage boys." P. J. O'Rourke (b. 1947), U.S. journalist. <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> http://www.shellback.com/personal/merriman/index.htm