Date: Fri, 23 May 1997 12:39:44 -0000 From: "CyberScape Digest" To: CyberScape-Digest-Subscribers@cris.com Subject: CyberScape Digest CYBERSCAPE DIGEST Welcome to CyberScape Digest, a roundup of top internet stories delivered weekly to Faulkner Information Services subscribers. This issue of CyberScape Digest covers events from Monday 5/19 through Friday 5/23. Here's what you should know... ACADEMICIANS EXPOSE JAVA FLAW A University of Washington-based research group, which comprises Associate Prof of Computer Science Brian Bershad, grad student Emin Gun Sirer, and undergrad Sean McDirmid, has discovered a bug in the Java Virtual Machine. Specifically, JVM's byte-code verifier is accepting some bad byte code, which causes it to crash during classloading. Sun has sent a fix to licensees, but claims that since the problem only causes crashing (i.e., it doesn't result in data loss or theft) it's not a true security issue. But Professor Bershad disagrees, and tells CyberScape that "any crash in a typesafe system means only that typesafety (and hence security) has been compromised. In other words, a browser crash is a variant of a security flaw where you just got lucky." [http://kimera.cs.washington.edu/] SUBSCRIBING & UNSUBSCRIBING If you received this issue of CyberScape Digest, you are already a subscriber. To unsubscribe, just send email to cyberscape@faulkner.com and request your removal from our mail list. SEND YOUR QUESTIONS, COMMENTS, TIPS Amy McLeer Editor, CyberScape Digest Faulkner Information Services cyberscape@faulkner.com CyberScape Digest, copyright 1997, Faulkner Information Services. All rights reserved.