RE: www.WhosWhere.com selling access to my employer's passwd file

17 Dec 2003, 11:17 p.m.
We go to great pains to keep from revealing your e-mail address to a web site. Several of the fixes in 2.01 were for these sorts of problems. Given a current version of Netscape Navigator, how would a spam-king steal your e-mail address from his web page?
I just noticed an attack vector that I wasn't aware of previously. If the browser is running with CLASSPATH set to include the JDK classes.zip, applets are suddenly able to enumerate all the system properties. On my system user.name is set to '?', but user.dir and user.home are both available. This isn't a huge exposure, but it is unsettling.

-Blake (off to poke around further)
Blake Coverett