WSJ on Big Java Flaw

Mutant Rob wlkngowl at unix.asb.com
Wed Mar 27 06:30:48 PST 1996


John Young wrote:
>    Wall Street Journal, March 26, 1996, p. B4.
>    Researchers Find Big Security Flaw In Java Language
>    By Don Clark
> 
>    A team of Princeton University researchers said they
>    discovered the most serious security flaw yet in the widely
>    used Java programming language from Sun Microsystems Inc.
> 
>    The flaw could make it possible for unscrupulous hackers to
>    destroy files or cause other types of damage on any
>    personal computer that uses Netscape Communications Corp.'s
>    Navigator program, said Edward Felten, a Princeton
>    assistant professor of computer science who helped discover
>    the flaw.[..]
>    Mr. Felten said that unscrupulous people who discovered the
>    flaw could boobytrap a Web page on the Internet,
>    essentially seizing control of the browser software of any
>    PC that tapped into that page. At that point, the hackers
>    could read or delete an entire hard disk of data files.
>    "The consequences of this flaw are as bad as they can be,"
>    he said.[..]

The generalized halting problem comes to mind...

Since it can be proved that there's no complete set of heuristics
to tell if a given program has a characteristic (such as "secureness")
then sooner or later someone will discover another security flaw.

A question is whether a simple patch is made or if the set of heuristics
is widened (ie, learn from mistakes) so that similar flaws can be found
based on knowledge of that one flaw.






More information about the cypherpunks-legacy mailing list