Hostile Applets Home Page

Jeff Nelson (jnelson@dialogosweb.com)
Fri, 10 Jan 1997 16:05:00 -0500

Date: Fri, 10 Jan 1997 16:05:00 -0500
From: jnelson@dialogosweb.com (Jeff Nelson)
To: java-security@java
Subject: Hostile Applets Home Page

------------3CEE536A7CAF0
Content-Type: multipart/alternative; boundary="----------59812425F331"
X-Sun-Content-Length: 1356

------------59812425F331
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii

I just wanted to make sure you folks had seen this page.

http://www.math.gatech.edu/~mladue/HostileApplets.html

--
DiaLogos, an ICL Dais Partner, delivers support, education, consulting
and implementation services to organizations building high-performance
                distributed applications based on CORBA 2.0.
                          Http://www.dialogosweb.com

------------59812425F331 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii

I just wanted to make sure you folks had seen this page.

http://www.math.gatech.edu/~mladue/HostileApplets.html
 
-- 
DiaLogos, an ICL Dais Partner, delivers support, education, consulting 
and implementation services to organizations building high-performance 
                distributed applications based on CORBA 2.0.         
                          Http://www.dialogosweb.com
 
------------59812425F331--

------------3CEE536A7CAF0 Content-Type: text/html; charset="us-ascii"; name="HostileApplets.html" Content-Disposition: inline; filename="HostileApplets.html" Content-Base: "http://www.math.gatech.edu/~mladue/Hos tileApplets.html" X-Sun-Content-Length: 6302

Hostile Applets Home Page

A Collection of Increasingly Hostile Applets

These simple Java applets were created in order to point out the potential for downloading hostile applets. They weren't designed to be beautiful. Clearly there are many more effective ways that things can be done, and the presence of hostile activity need not be advertised at all. They've been tested on a Sun Sparcstation 20 running Solaris 2.5 and OpenWindows 3.5. They've also been tested on a DEC Alpha running Digital UNIX V3.2C and an SGI Indy running Irix 5.3. How effective they are depends on how you have things set up, so in any case you should exercise due caution in exploring their effects.

Warning! These Java applets perform hostile acts.

Now that you've seen how sneaky and disruptive these applets can be, you might like some more information about them. In addition to my articles and source code, you might also like to read some recent papers by Dean, Felten, and Wallach on Java Security. For a more complete introduction to the subject, check out Java Security: Hostile Applets, Holes and Antidotes by Ed Felten and Gary McGraw. If you remain unconvinced that UNIX viruses really do exist in the wild, I recommend that you read some of the white papers that you'll find at CyberSoft, Inc. , and by all means track down some of the references that they give. And you can drop me a line if you like. You'll find me at

mladue@math.gatech.edu.

------------3CEE536A7CAF0--