18 Dec 2003, 12:17 p.m.
While HotJava prevents applets from actively opening connections that violate the user-selected security policy, it allows an applet to accept connections from anywhere. At this point, an applet only has to use any one of a number of channels to communicate where it is, and have the remote end do the active open.
What if I start a Java applet then send it a faked TCP/IP packet from another host? Can I hotwire an outgoing connection that appears to be from the victim host?
I think so.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
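The asymmetry described in the message above (outbound connects checked against the policy, inbound accepts not) is closed by applying the same host check in both directions. The following is an added example, not code from the post or from HotJava: it uses the standard `java.lang.SecurityManager` hooks `checkConnect` and `checkAccept` (deprecated in current JDKs), and the class name, the allowlist and the addresses are constructed for illustration.

```java
import java.util.Set;

// Added illustration, not HotJava code. Host values are constructed (RFC 5737 ranges).
@SuppressWarnings("removal") // SecurityManager is deprecated for removal in current JDKs
public class SymmetricSocketPolicy extends SecurityManager {
    // Hosts the user-selected policy lets this applet talk to (assumed: its origin only).
    private final Set<String> allowedHosts;

    public SymmetricSocketPolicy(Set<String> allowedHosts) {
        this.allowedHosts = allowedHosts;
    }

    // Active open: the applet initiates the connection.
    @Override
    public void checkConnect(String host, int port) {
        enforce("connect", host, port);
    }

    // Passive open: a remote peer initiates and the applet accepts.
    // Leaving this hook unchecked is the asymmetry described in the post.
    @Override
    public void checkAccept(String host, int port) {
        enforce("accept", host, port);
    }

    private void enforce(String action, String host, int port) {
        if (!allowedHosts.contains(host)) {
            throw new SecurityException(action + " " + host + ":" + port + " violates policy");
        }
    }

    // Runs one check and reports the outcome instead of propagating the exception.
    private static String verdict(Runnable check) {
        try { check.run(); return "allowed"; }
        catch (SecurityException e) { return "denied (" + e.getMessage() + ")"; }
    }

    public static void main(String[] args) {
        // The manager is called directly here rather than installed JVM-wide.
        SymmetricSocketPolicy p = new SymmetricSocketPolicy(Set.of("192.0.2.10"));
        System.out.println("connect to origin:  " + verdict(() -> p.checkConnect("192.0.2.10", 80)));
        System.out.println("connect to other:   " + verdict(() -> p.checkConnect("198.51.100.7", 80)));
        System.out.println("accept from origin: " + verdict(() -> p.checkAccept("192.0.2.10", 4000)));
        System.out.println("accept from other:  " + verdict(() -> p.checkAccept("198.51.100.7", 4000)));
    }
}
```

With both hooks enforcing the same allowlist, the second and fourth checks are denied; the check compares the address string exactly, so it does not resolve names.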