it is about JavaScript (Re: Microsoft Programs)

Li Gong (gong@games.eng.sun.com)
Sun, 8 Feb 1998 14:05:14 -0800

Date: Sun, 8 Feb 1998 14:05:14 -0800
Message-Id: <199802082205.OAA22894@games.eng.sun.com>
From: Li Gong <gong@games.eng.sun.com>
To: java-security@java0.javasoft.com
Subject: it is about JavaScript (Re: Microsoft Programs)
In-Reply-To: Ren Bauset's mail of Sun, 8 February, 1998

Thanks for the pointer to http://www.royalbank.com/, and it is an
alert of known bugs in JavaScript, which is actually distinct from
Java and is implemented (in C, mostly) by Netscape and Microsoft. So
fortunately it is not a security problem in our products :-)

>From the alert page https://www1.royalbank.com/english/ib/sgne.html:

Royal Bank has been made aware of a potential security problem
on the Internet as a result of a bug in certain browsers. To
ensure your privacy, it is important that you disable your
browser's JavaScript capability and then close down and
restart your browser.

Please refer to our Security Alert Details page, in the Info
Centre, for additional information and details on how
to disable JavaScript.

and from Details page http://www.royalbank.com/english/security.html:

The CERT Coordination Center (www.cert.org) has received
reports of a problem in JavaScript that enables attackers to
monitor a user's Web activities. This problem, dubbed the
"Bell Labs Privacy Bug" affects most of the current versions
of browsers from Netscape and Microsoft.

Both Netscape and Microsoft are working on a fix for this
problem, and it is expected that new versions of browsers
containing the fix will be made available for download from
their Web sites shortly.

Thanks again.

Li

Ren Bauset writes:
> Li Gong wrote:
> >
> > Hi,
> >
> > The embedded base64 file in your msg was corrupted and I could not
> > decode it. Can you extra the ascii content and send it in plain mail
> > message? Also, are you talking about a Microsoft product or a
> > JavaSoft product? If you are talking about Microsoft software, then
> > this is not the right mailing address. Thanks.
> >
> > Li
>
> see web site criteria below. The message refers to a java problem.
> >
> > Ren Bauset writes:
> > > You may be interested in the Royal Bank's security alert against your
> > > product.
> > > The Royal has a net service for accesing accounts and doing certain
> > > banking operations. I can access my account by simply ignoring the
> > > message.
> > > Also, the bank offers software similar to Quicken for managing accounts,
> > > etc...but since I am on a Mac platform I cannot use the Royal or other
> > > Canadian banks account software because Windows 95 only is supported.
> > > Q: Is this another one of Uncle Bill's tricks?
> > >
>
> http://www.royalbank.com/
>
> go to on-line services
>
> hit the registered user button
>
> The message in question appears
>