BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Hardware

Desktop platforms Toolkit

New Communicator bug found

Renee Deger ZDNet.co.uk

Published: 28 Jul 1997 09:00 BST

A computer user working at the Information Technology Institute in Singapore found the new bug and notified Netscape on Thursday, said David Andrews, senior security product manager.

What Kuo Chiang discovered was a hole in Netscape's implementation of "live connect," a language that helps the browser talk to Java applets loaded onto Web sites, said Andrews. The browser speaks JavaScript, a language invented by Netscape to seal together Web-based content in HTML and Java applets within the browser.

The result of the bug is the same as two other breaches discovered earlier this month by other sources. They all enable a malicious Webmaster to program a site so that it intercepts data a visitor enters on a Web site, such as a credit card number. The bugs allow the data to be plucked before it can be encrypted.

One of the previous bugs and the new one, however, are more invasive. They shadow Web surfers even after they leave the site.

As a result of the newest security hole in Communicator, the Bell Labs scientist that discovered one of the bugs in JavaScript earlier this month is undertaking a more intensive study of scripting languages.

"JavaScript may be in the browser, but it is a pretty powerful language," said Vinod Anupam. His study will not be limited to Netscape's implementation, however, but will focus on all versions of languages that are imbedded into browsers.

The new patch will be available within the next two to three weeks, Andrews said. Users may access the Help menu in Communicator and pluck the patch from the Security bar.

According to a technical director at ZDNet, Franco Ruggeri, Chiang's applet is tiny, one pixel by one pixel, and is saucily called "not" so the tool bar on the browser reports that "applet not running" when indeed it is. It then continues speaking to the browser as it continues on its way, recording URLs and information that users enter on many of the Web sites the users visit.

Andrews said Chiang is cooperating with the engineers at Netscape and his Web site, albeit an active one, is not malicious in its intent. And Chiang, who could not be reached for comment, did not make his code public.

Did you find this article useful?
28 out of 60 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

Video

Install Flash Player plugin

Find out more: From The Labs: A look at...

All videos
Most popular videos
Latest videos

Microsoft Windows 7 Special Report Special Report

How Microsoft can make Windows 7 a success

Comment Many businesses have given Vista a wide berth; Microsoft must focus on five areas to make sure Windows 7 doesn't suffer the same fate, argues TechRepublic's Jason Hiner