Netscape users exposed to 'serious' bug

A serious and as yet unfixed bug in Netscape's Java distribution means that home computers are open to attack simply if users are unlucky enough to visit a website containing malicious code.

John Leyden, vnunet.com 09 Aug 2000

The problem has emerged following the posting on the internet of code, dubbed Brown Orifice by its developer Dan Brumleve, which exploits a vulnerability in AOL's Netscape Navigator browser to allow an attacker to view the contents of a user's hard drive.

As yet, Netscape has not made a patch available to address the vulnerability and security experts advise that the only effective interim defence against the problem is to turn off Java in Navigator.

All versions of Netscape Navigator and Netscape Communicator versions 4.74 and earlier are vulnerable when Java is enabled. The flaw is not platform-specific: systems running Windows 2000, Windows NT and Linux have been shown to be vulnerable in demonstrations, although it is believed that Apple Macintosh users might be immune.

Matt Tomlinson, business development director at MIS Corporate Defence, said the malicious Java code uses a hole in Netscape to allow an attacker to access a user's environment.

He said users on local area networks should be protected by their firewalls, which commonly scan for malicious code, but the implications for home users are potentially "extremely serious" because the code can be modified to perform other functions.

"We believe that this exploit goes beyond file sharing and would allow an attacker to read email or perform port scanning. Anything you do from your desktop might be possible using this malicious Java code," said Tomlinson.

Richard Stagg, senior security architect at Information Risk Management, said the problem is one of the few that affect Netscape Navigator and not Internet Explorer, and added that it is more serious for home users.

He explained this is because in a corporate environment most internet connections go through a proxy server, which would guard against the exploit - but domestic users have no such defence.

"Home users are in genuine danger of having their files ripped. The only security recommendation on this is to turn off Java - but then things stop working," said Stagg.

Netscape declined to comment on the problem.

To turn Java off in Netscape Navigator:

1) Select Edit, then Preferences

2) Click on Advanced, then un-check the box next to 'Enable Java'
