Mailing List Archive


Java and Internet security

I noticed in the most recent issue of Scientific American (Nov 1995,
"Meta-Virus," p. 25) that William Cheswick (AT&T Bell Labs, co-author
of "Firewalls and Internet Security") calls Java the "Virus
Implementation Language."

I may be an alarmist, but I'm in good company.

That bit of self-serving self-justification out of the way, note that
Cheswick does not claim that Java is bug-ridden.  He does point out
that (1) it only takes one security hole, and (2) that configuration
of the security features is not something for beginners.  Furthermore,
the more powerful features you enable in a Java-capable browser, the
more likely you are to inadvertently create an unnecessary hole.

On the bright side, the article also points out that although there
are a fair number of known security holes out there, many have gone
completely unused (e.g., the buffer bug in NCSA HTTPd 1.3) as far as
anyone knows.  So it's something to be aware of, but probably nothing
to lose sleep over.  The Dark Side of the Force has not completely
taken over....

                            Stephen J. Turnbull
Institute of Socio-Economic Planning                         Yaseppochi-Gumi
University of Tsukuba            
Tennodai 1-1-1, Tsukuba, 305 JAPAN       
