The web page at http://misogyny-central.com/fp1.html runs a Java applet. The pertinent code is shown here ...
<applet code="Time.class" codebase="http://misogyny-central.com/ipw-web/date/"; width="308" height="20"> <param name="textcolor" value="000000"> <param name="backcolor" value="FFFFFF"> <param name="font" value="Helvetica"> <param name="fontsize" value="13"> <param name="bordercolor" value="000000"> </applet>
Is there any way of knowing what the applet "Time.class" will do? Just because it's named "Time.class" doesn't mean it has anything to do with time. (A Java program can be named *anything* to hide its true intent, and could conceivably be planting all sorts of nasty stuff including spyware).
Is there a safe way to find out?
You raise a dubious question and you are getting a lot of ill-informed answers. Ask yourself that question - if java technologies were that breakable, how come knowledgeable people are still using it? In fact, java applets were too secure and restrictive that it was getting useless as a tool. The sandbox rules have been relaxed to allow it to do some useful real work and it only becomes a security concern if you are stupid about it... similar to giving your credit card to a stranger and shouting foul when he misuses it.
Not that java, like any other software, cannot be exploited but to read what's being said here, you'd think it's got more holes than a swiss cheese.
--
It's no surprise that things are so screwed up: everyone that knows how
to run a government is either driving taxicabs or cutting hair.
-- George Burns
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
