Vulnerability Development mailing list archives
Newbie in Jeopardy
From: pram512 () YAHOO COM (Me Uh, K.)
Date: Wed, 6 Oct 1999 13:28:21 -0700
from our FAQ: (http://securityfocus.com/forums/vuln-dev/intro.html) <quote> The VULN-DEV list exists to allow people to report potential or undeveloped holes. The idea is to help people who lack expertise, time, or information about how to research a hole do so. </quote> I am all of those things, so I don't know if this is really a <potential> hole that should be reported. (but that's why lists are moderated by people who know more than me, isn't it? :) Anyway - tying to play muti-player Jeopardy on Sony's game site (http://station.sony.com) requires that you grant their applet 2 seperate High Risk Security privileges: (both signed by Sony's certificates, validated by Verisign) Reading, modifcation or deletion of any of your files -AND- Contacting and Connecting with other Computers over a network Now, I've got NO experience with security, but it seems to me that this could be a seriously bad combination, that could lead to total compromise of your machine, if say, Sony's network wasn't as well-organized as they'd like to believe. (And to think Dad said that nothing bad could ever come of Jeopardy:) Suggestions/advice/ect on how I can investigate this potential security risk? Am I wasting my time? (obviously, in and of itself, the security of sony's video games are not particularly important, but I figure it's a great learning experience, and would make a fabulous tutorial regarding Java security analysis) -mia k. (who just wants to waste her lunch hour spouting phrases like 'What is the South Nile Delta without having to worry about having her computer expolde) __________________________________________________ Do You Yahoo!? Bid and sell for free at http://auctions.yahoo.com
Current thread:
- Re: Guestbook perl script (error fix) Blue Boar (Oct 04)
- Re: Guestbook perl script (error fix) Matt Carothers (Oct 08)
- Newbie in Jeopardy Me Uh, K. (Oct 06)
- Re: Newbie in Jeopardy Nimrod Vered (Oct 09)
- Re: Guestbook perl script (error fix) Erik Parker (Oct 08)
- SSH and X11 forwarding Rob Quinn (Oct 08)
- fbsd 3.3 ospf_monitor research Brock Tellier (Oct 08)
- Re: fbsd 3.3 ospf_monitor research Jeff Bachtel (Oct 10)
- Re: fbsd 3.3 ospf_monitor research Andrew Reiter (Oct 11)
- restoretextmode problems robert (Oct 11)
- Newbie in Jeopardy Me Uh, K. (Oct 06)
- NT SysKey should be breakable Mikael Olsson (Oct 08)
- Re: NT SysKey should be breakable Mikael Olsson (Oct 09)
- 2 dodgy network programs Antonomasia (Oct 09)
- Re: Guestbook perl script (error fix) Matt Carothers (Oct 08)