Yet Another Java Flaw - anyone know details about this?

I Find Karma (adam@cs.caltech.edu)
Tue, 26 Mar 96 10:48:08 PST


March 25, 1996
Web posted at: 9:30 a.m. EST

NEW YORK (CNNfn) - Princeton University researchers have discovered a
major flaw in Sun Microsystems' popular Java software, allowing hackers to
destroy files or damage any personal computer that uses Netscape
Communications Corp.'s Navigator Web browser.

The Wall Street Journal reported Tuesday that Sun admitted to the "serious
bug," which the company said it plans to soon fix.

Mountain View, Calif.-based Sun originally touted Java as a secure
language, but the latest discovery follows at least two other similar
findings.

According to Princeton researchers, the latest problem would allow
inventive hackers to boobytrap a Web page on the Internet.

When a user searched the page, the hacker could seize control of the
consumer's PC and read or delete hard drive files. "The consequences of
this flaw are as bad as they can be," said Edward Felten, a Princeton
assistant professor.

Researchers say Netscape Navigator, the world's most popular Web-browsing
software, is vulnerable because it uses Java. Java allows a Web browser to
create tiny programs that transfer data from the Web to a PC.

The issue of Web security plays a paramount role in opening the Internet
to new users who might feel uncomfortable transferring personal
information and credit card numbers without security guarantees.

The Journal said researchers notified Sun of the latest problem on Friday.
A company spokeswoman said Sun is testing a remedy to the flaw and will
distribute it to Netscape and other Java users in about two days.

A Netscape spokesman said the company will in turn distribute updated
versions of the company's Web browser to customers. "We plan to fix it and
get it out to our customers as fast as we can," Jeff Treuhaft, a Netscape
product manager, told the newspaper.

Separately, the Journal reported that Sun will introduce products Tuesday
designed to service so-called "intranets." Intranets are Internet-like
entities that let companies create inter-office Web pages and use
electronic mail. An intranet site is not accessible from outside the
company without special authorization.

The newspaper said Sun, a fast-growing maker of workstations and servers
that build Web sites, will offer companies a range of products from a kit
used to write the company's Java programming language to a Web-page
publishing kit.

Steve Milunovich, an analyst at Morgan Stanley, told the Journal that Sun
is probably entering the intranet market to boost sales of its mainline
workstations and computer network servers.