|
A interesting look at the future of internet virus
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Saturday, 04 May, 1996
I came across this article in microtimes issue #150 It was written by Paul Hoffman. It is a interestg
look at internet security or lack of. For all you paranoid Hackers/Phreakers/computer enthusiasts th
will realy get ya going. Just some food for thought.
Enjoy,
PAc Rat:-)
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
No one questions the potential value of the internent in general, and the web in particular , for
being a vast storehouse of information. Wandering the web, you can find an incredible number of
resources on almost any topic. However, it is now becoming clear that such wandering can also be
detrimental to the health of your computer.
New kinds of Web applications and even not-so-new kinds of word documents-can contain programs
capable of revealing information about you and your computer that you never intended to reveal to anne.
Worse yet, these programs can send this information to the creators of the programs without your
knowledge. Many people are worried about viruses that they get from downloading bad programs,
but they should also be concerned about these new silent Web extension.
As if the internet needed more buzzwords, "Java" has turned into the most hyped part of the web sincthe Web itself. Reality check: it's just a programming language. Mind you, it's a programming langue
with many nice features, but it is of no more value to the web than BASIC was to early PC's.
This is not to say Java can't be incredibly useful; BASIC was also incredibly useful for a short timas the PC market was booming. But, like BASIC, Java has been vastly oversold. In fact, one of the aas
where it was supposed to be the perfect language for the web is precisley the place where it will cae
the most problems: security.
Java programs can run on Web servers or on many Web browsers. When you go to a page that has directinks to Java programs, those programs are copied to your computer and then they run. If you go to eb
page containing malicious Java programs, you are asking for them to run on your computer without havg
the slightest idea of their function.
The folks at Sun Microsystems knew this when they developed Java. Thus, they designed it to prohibi
untrusted programs from writing to your disk and reading from most parts of your disk. They also degned
Java to communicate only with the internent site where you obtain it.
Unfortunately, they didn't do a good enough job. In the past few months, researchers looking at Javhave
found many places in the design and common implementations where Java is insecure. So far, people he
found ways to create Java programs that will tell a malicious host your e-mail address, what your dictory
structure looks like, and other information that could help someone attack your system.
IN late march, security experts discovered incredibly serious flaws in Java that allow Java programso read
from and write to your disk, send messages without your knowledge, and do pretty much anything that y
program could do on your system. Maliciuos Java programs could act like viruses and corrupt your syem,
or do whatever they please. These holes exist in Netscape 2.0 and 2.01, and you should certainly nobe using
those versions to explore the Web unless you turn off your browser's use of Java programs.
Of cources, despite the fact that responsible people have reported these problems with Java's securi,
this is probably not the complete list. You can be sure that crakers and thieves are looking into Ja for there
own security holes, and certainly won't report them to the public when they find them.
Although Sun developed Java, it's Netscape who's catching the most flak for the security bugs. Thiss not
because Netscape caused the security problems in Java; it's just that it is currently the only majorhipping
a Web browser with Java in it. ( Microsoft has promised to add java to its Internet Explorer in the ming months.)
But NEtscape is responsible for a related security problem and the confusion around it. There are t different
components of Netscape Navigator that have "Java" in their names. One is Netscapes ability to run Ja applications
that are downloaded from a Web server; the other is Netscape's browser programming language called
"JavaScript" JavaScript is not Java. Instead it is a programing language that is a lot like Java buthat has a
very different method of execution.
It turns out that JavaScript also has security holes, ones that are completely different from the on in the Java
language. This isn't surprising because JavaScript does have the same tight security model that's bld into Java.
This had made it a mess to describe the different bugs for people who don't know the difference betwn Java and
JavaScript.
At press time, Netscape has fixed some of the security holes in Java and JavaScript by releasing netape navigator
2.01. However, since the release of 2.01 other security holes have been discovered. With version.01, you
can tell Netscape not to run either Java or JavaScript programs, but you have to turn this off for a pages, and
the default is to allow these programs to run.
Today, these security problems exist in Java and JavaScript only, but this won't be true for long. crosoft will
be releasing its own competing script language, and you can be sure that it will have security holess well. All
programming languages running on personal computers have security problems; you just hope the the prlems
are found and fixed by the "good guys" before the "bad guys" get a crack at them.
:-0 injection by pappy pac rat: "Who are the "good guys" the profatering pigs down at sun????ya whater"
Clearly, Sun and Netscape will try to stay on top of all the reported security holes in Java and Javcript
and will release fixes for them after they appear. However, this is insufficient, many people don'teep
up with the current release of netscape, and it is onerous to download large patches or even larger pies
of new versions. (Worse yet, the patches for the mac and windows 95 versions of netscape version 2.0idn't work on my own system, which meant i had to download both the patches and the full new versios)
The problem isn't that there are some security bugs; it is that you have no idea when a Java or Javaript
program is running on your system. You go to a Web page and there is nothing that tells you, "This ge has
a Java program on it," or " This HTML contains two different JavaScript programs."
This is quite different from the way computer viruses get passed around. With viruses, you have to r a program
that is infected in order for your computer to be infected. With Java and JavaSCript, all you have do is visit
a page on the Web that has malicious code and it runs, often without telling you.
Unless you disable Java and JavaScript programs all the time, you are vunerable to the security breaes. The
Java And JavaScript security breaches that have been described so far have not been as destructive amany
viruses. On the other hand, if some smart crackers have found more serious holes, we probably won'tear about
them until well after they've started wreaking havoc on the Web.
Combine this lack of knowledge of when you're getting bitten with the industry hype about how every sktop
will be connected to the internet, and you have a recipe for massive insecurity. Fucko Bill Gates h promised that
Windows 97 ( or whatever it will be called) will have a desktop that looks just like a Web browser, you won't
care when your looking at information on the internet and when you're looking at local information.
Great. Now you won't even have a clue when you're running a program that you bought and the one thatas
downloaded to you from an unknown Web server. IN a world where you control which programs run on yo
PC, this isn't so bad. However, when every Web document and every Word document that you open by dble-
clicking on your desktop is the possible source of a virus or at least of sending information to somne against
your wishes the computer desktop becomes a much less attractive place to work.
---------------------------------------------end article---------------------------------------------------------------------
Looks like web page viruses will be the anarchy medium off the years to come. So all you elite hacke get
crakin or should I say get Hackin on those new viruses.
Down with government, big business, and big brother and I would like to send a special FUCK YOU to Bl
Gates and microsoft for complicating or lives with bull shit we really don't need.
SOrry for any typos or mis spelling I know it's kinda fucked up to read butt I copyied it under the fluence of
JOOOOOOOOOLLLLLLLLLLTTTTTTTTTTTTTT CCCCCOOOOOLLLLLAAAAA!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! X-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
|
|
