Security Threats

• Trojan Horses
• has an overt function and a covert function
• displays animation but also discreetly searches the user's local files system and secretly emails interesting files across the network
• an applet that creates a zero-sized window remaining invisible and capturing keystrokes
• Two Vs. Three Party Attacks
• two party attack requires that the Web server on which the applet resides participate
• three party attack can originate from any site and spread
• Viruses
• inserts a copy of itself surreptitiously to other code
• Denial of Service
• applet acquires excessive amounts of a system resource(memory, CPU cycles)
• Example that
• in HotJava browser locks status line, preventing it from loading new classes
• in Netscape, locks java.net.InetAddress class, blocking all hostname lookups and hence new network connectons

synchronized 
  (Class.forName("net.www.html.MeteredStream"))
{while (true) Thread.sleep(1000); }

• "synchronized" locks an object - preventing any other threads from using it.
• Class.forName() dynamically loads a class.
• Degradation of Service
• reduce performance of browser