Re: [SLUG] java security in Linux

[Marek Wawrzyczny <marekw1977@xxxxxxxxxxxx>]

On Mon, 6 Jun 2005 11:30, Russell Davie wrote:
> Hi
> Please give your advice on security of Java in Linux.
>
> scenario:
> I have just received a email from ANZ bank (which I don't bank with, so its
> likely to be phishing) that is linked to a bunch of Java scripts.  This is
> shown in Mozilla-Thunderbird when I move the cursor over the link.

I got one too... but, there are no links to Java applets, do you mean 
javascript? Javascript is different and unrelated to Java.

Those phishing emails come up often, but seems that they're targeting aussie 
banks again. These emails seems to flare up every now and then. In most cases 
they take you to a fake site that exploits (usually an IE) bug that allows 
the author to obscure the real origin of the site. They then ask you for 
personal information. Since the bank will never do that, delete the email 
straightaway.

I have come across one site that had a Java applet that would try and 
overwrite a Windows DLL (the applet never ran), but typically they are not 
that sophisticated. The Security Manager should prevent that from happening 
anyway. Applets should run inside a sandbox and, by design, the JVM does not 
allow them to overwrite file outside the user directory (I believe).


<...>
>
> regards
>
> Russell

-- 
--- 
Marek Wawrzyczny

-------------------------------------
"Terrorism is the war of the poor, 
and, war is terrorism of the rich."

- Peter Ustinov
-------------------------------------
-
Send instant messages to your online friends http://au.messenger.yahoo.com