OFF: very, spam question,was:OFF: RIP UWP lyrics archive
Wian Chao Drew
wiandrew at COPPER.UCS.INDIANA.EDU
Thu Jan 9 18:32:37 EST 1997
> > You wouldn't believe what can be done with Java. It's pure eeeevil.
Na, Java is pure good. The only way it manages to wrangle such data
out of your machine is if you're using a nasty browser anyway ;>
(Like just about anything out there.)
> > Would you like to explain that ? Javascript maybe, Java I am resonably sure would
> > not allow you to do it.
I dont remember exactly how it's done, but it goes something like this:
The java applet loads into your computer. It then directly contacts port
25 of the web server computer to send a message manually using SMTP. Part
of SMTP's immediate response is to query your computer externally for your
user ID. The java applet could be directly sending the mail message to
say, the web pages' owner.\
The web server, itself, however does not do this. Not by default. Someone
has to be intentionally setting this up.
> Doesn't it depend upon the SecurityManager implementation? Some apps are
> more loose-lipped than other in this regard. I believe HotJava, for
> example, is much more permissive than, say, Netscape.
Netscape falls for it. I've tried it. I also think you may find the new
release of Java is more secure.. if Microsloth or Nutscrape ever gets
around to implementing it.
-Pinwheel in Vermont
More information about the boc-l
mailing list