A security flaw in Microsoft's Java Virtual Machine could allow a Java applet to wreak havoc on a system if the user simply views a Web page or e-mail message.
The Princeton Secure Internet Programming team, Drew Dean at Xerox PARC and Dan Wallach at Rice University discovered the flaw in Java Virtual Machines with Internet Explorer 4 and 5 for Windows 95, 98 or NT. The security hole allows hackers to create an attack applet that is attached to an HTML page and delivered to Java Virtual Machines that have Internet Explorer and Outlook built in to them.
Such an attack applet could read files, change content, make network connections, set up a listening station or do other actions when it launched, said Gary McGraw, vice president of corporate technology at Reliable Software Technologies, a Virginia-based software consultancy. McGraw has worked with the Princeton team on other security matters.
"It's Melissa on steroids" by taking control of a victim's computer and performing any kind of action, he said.
According to Edward Felton, a professor at Princeton and a member of the programming team, no computer has been hit by the Java flaw yet.
McGraw said the flaw was discovered a couple of weeks ago but wasn't revealed until this week, when Microsoft issued a new version of Java Virtual Machine at http://www.microsoft.com/java/vm/dl_vm32.htm and a security bulletin. He advised Java Virtual Machine users to download the new version.
"It's pure luck that the major flaws in Java haven't run wild" yet, McGraw said. Attack applets are the worse kind of Java flaw, and like other mobile code, the risks are serious, he said.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. How to improve employee productivity in small and medium businesses
Taking On Demand CRM Integration to the Next Level
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Strategies for Eliminating .PST Files
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Making the Business Case for IT Consolidation
Best Practice in Building an Integrated Information Management Strategy
Data grids and service-oriented architecture
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
AOC Launches 18.5” Widescreen Green 16:9 LCD Monitor in Australia and New Zealand 2008-12-03 15:30:00+11
FrontRange Solutions eases software license management with new License Manager 3.0 2008-12-03 14:56:00+11
Progress Software's Cure for Managing Services-based Applications 2008-12-03 14:42:00+11
S3 Graphics Unleashes Full OpenGL® 3.0 API Support with Beta Driver for Chrome 500 Series GPUs 2008-12-03 14:08:00+11
Informatica Powercenter added to Nec Infoframe Solution Suite 2008-12-03 11:36:00+11
The state of Middleware
Middleware delivers unprecedented visibility and control over your business by making timely information available to decision makers. Organisations are using Middleware to leverage their existing IT investments, while optimizing their IT and business operations, securing their infrastructure and driving compliance. Read on to discover how Middleware can help you increase your businesses profitability.
Buying Guides
Latest Products
Buying Guides
