Applet Attacks (Illustration)
Three Party Attack

- Charlie produces a Trojan Horse in a Java Applet
- Bob likes Charlie's applet (but doesn't know of Trojan Horse) and uses it in his page
- Alice views Bob's page
- Charlie has covert channel to Alice
- Bob can be innocent

Originally, the accept() system call in HotJava was not protected by the usual security checks and accepted connections to any Internet host.

Breaking a Firewall

- Applet can control which DNS server supplies the IP addresses

Another 3rd party attack:

- You load applet (unknowingly) from attacker.
- Applet uses getURL() that names attacker machine, but rest of URL is a message!
- Attacker redirects that URL to real URL, so you never know about attack!
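
A defender-side check for the getURL()/redirect channel described above, as an added example that is not part of the original slides: it scans proxy log lines for fetches whose URL tail is long and high-entropy and which the server answers with a redirect to a different host. The log format, host names, function names and thresholds are assumptions constructed for illustration.

```python
import math
from collections import Counter
from urllib.parse import urlsplit

# Constructed proxy log lines (assumed format): client, URL, status, Location header
SAMPLE_LOG = """\
10.0.0.5 http://news.example/index.html 200 -
10.0.0.5 http://applets.example/old/page 301 http://applets.example/new/page
10.0.0.5 http://collector.example/QWxpY2U6IGJhbGFuY2U9NDIwMDsgcGluPTEyMzQ 302 http://www.example.org/logo.gif
10.0.0.7 http://short.example/go 302 http://www.example.org/
"""

def entropy(s):
    """Shannon entropy of s in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def payload_of(url):
    """Everything after the host: the part of the URL that can carry a message."""
    parts = urlsplit(url)
    return (parts.path + "?" + parts.query).strip("/?")

def flag_redirect_exfil(log_text, min_len=24, min_entropy=3.5):
    """Return (client, request_host, redirect_host) for suspicious fetches.

    A fetch is flagged when the server answers with a redirect to a
    different host and the requested URL carried a long, high-entropy tail.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        client, url, status, location = fields
        if not status.startswith("3") or location == "-":
            continue  # only redirects that name a target are of interest
        req_host = urlsplit(url).hostname
        dst_host = urlsplit(location).hostname
        tail = payload_of(url)
        if req_host != dst_host and len(tail) >= min_len and entropy(tail) >= min_entropy:
            hits.append((client, req_host, dst_host))
    return hits

if __name__ == "__main__":
    for hit in flag_redirect_exfil(SAMPLE_LOG):
        print("suspicious redirect:", hit)
```

The thresholds are starting points only; long tracking or session tokens in legitimate redirect URLs will also match and need allow-listing per site.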

