Mailing List Archive
Support open source code!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Java and Internet security
- To: tlug@example.com
- Subject: Java and Internet security
- From: turnbull@example.com (Stephen J. Turnbull)
- Date: Tue, 21 Nov 95 12:21 JST
- Cc: Jeffrey Friedl <jfriedl@example.com>
- Reply-To: tlug@example.com
- Sender: owner-tlug@example.com
I noticed in the most recent issue of Scientific American (Nov 1995,
"Meta-Virus," p. 25) that William Cheswick (AT&T Bell Labs, co-author
of "Firewalls and Internet Security") calls Java the "Virus
Implementation Language."
I may be an alarmist, but I'm in good company.
That bit of self-serving self-justification out of the way, note that
Cehswick does not claim that Java is bug-ridden. He does point out
that (1) it only takes one security hole, and (2) that configuration
of the security features is not something for beginners. Furthermore,
the more powerful features you enable in a Java-capable browser, the
more likely you are to inadvertantly create an unnecessary hole.
On the bright side, the article also points out that although there
are a fair number of known security holes out there, many have gone
completely unused (eg, the buffer bug in NCSA HTTPd 1.3) as far as
anyone knows. So it's something to be aware of, but probably nothing
to lose sleep over. The Dark Side of the Force has not completely
taken over....
--
Stephen J. Turnbull
Institute of Socio-Economic Planning Yaseppochi-Gumi
University of Tsukuba http://turnbull.sk.tsukuba.ac.jp/
Tennodai 1-1-1, Tsukuba, 305 JAPAN turnbull@example.com
- Prev by Date: schedule of Linus in Japan all most fixed
- Next by Date: Re: tlug-digest V1 #77
- Prev by thread: Re: schedule of Linus in Japan all most fixed
- Next by thread: Re: tlug-digest V1 #77
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |