SLUG Mailing List Archives
Re: [SLUG] java security in Linux
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] java security in Linux
- From: Russell Davie <rjrd@xxxxxxxxxxxxxx>
- Date: Mon, 06 Jun 2005 12:36:05 +1000
- User-agent: Debian Thunderbird 1.0 (X11/20050116)
Marek Wawrzyczny wrote:
> On Mon, 6 Jun 2005 11:30, Russell Davie wrote:
> > Please give your advice on security of Java in Linux.
> > I have just received an email from ANZ bank (which I don't bank with, so it's
> > likely to be phishing) that is linked to a bunch of Java scripts. This is
> > shown in Mozilla-Thunderbird when I move the cursor over the link.
>
> I got one too... but, there are no links to Java applets, do you mean
> Those phishing emails come up often, but it seems that they're targeting Aussie
> banks again. These emails seem to flare up every now and then. In most cases
> they take you to a fake site that exploits (usually an IE) bug that allows
> the author to obscure the real origin of the site.

I have Firefox running SpoofStick, and this says the origin of the page.

> They then ask you for
> personal information. Since the bank will never do that, delete the email

Other users on this machine may not be so careful.

> I have come across one site that had a Java applet that would try and
> overwrite a Windows DLL (the applet never ran), but typically they are not
> that sophisticated. The Security Manager should prevent that from happening
> anyway. Applets should run inside a sandbox and, by design, the JVM does not
> allow them to overwrite files outside the user directory (I believe).

This is what I would like to be clear about.
Apart from spam filters, is reliance on JVM design enough? (apart from
continually reminding the users)