-------------------------------------------------------- Web Graffiti & High Bandwidth Covert Channels Using Java -------------------------------------------------------- While developing a chat server using Java as a frontend, we've been exploiting what we think is a new Java security hole in Java-enabled browsers such as Netscape. The hole allows for opening sockets to arbitrary ports on web servers that serve Trojan-horse applets. We've also used a known security hole (covert channels) first mentioned in work by the SIP group at Princeton to create what we call 'Web Graffiti' - the dynamic insertion of text, graphics, applets, into HTML pages. Both of these attacks are three-party attacks and require Trojan- horse applets. For a draft of a paper that is work in progress, point your browser to: http://whenever.CS.Berkeley.EDU/graffiti/ Chad Yoshikawa Brent Chun chad@cs.berkeley.edu bnc@cs.berkeley.edu