Netscape's Java Security Hole

[chris () RITC CO UK]

Hi all,

This probably isn't ripe for release yet, given that Netscape hasn't fixed
it yet, but unfortunately the whole world knows about it now that it's
been on SlashDot. Basically, an unsigned Java applet in Netscape can read
any file on the system AND act as a web server, serving those files to
anywhere in the world. This is due to a bug in Java and a bug in Netscape.

http://www.brumleve.com/BrownOrifice/

Ciao, Chris.
   ___ __     _
 / __// / ,__(_)_  | Chris Wilson <chris () ritc co uk> | Phone: 01223 503 190 |
/ (_ / ,\/ _/ /_ \ | Unix Systems & Network Engineer | RITC (Cambridge) Ltd |
\ _//_/_/_//_/___/ +-- Perl/C/Web/Java Programming --+ Cambridge CB3 0DG UK |