More so, I'm amazed at the number of reports confusing Java and JavaScript. The number of times I've read that the Java Applet patch fixes JavaScript bugs is incredible. Finally, almost everybody seems intent on reporting how the problems can steal e-mail and directory listing, and then giving my name as the responsible party. Although I take credit for reporting the directory listing bug still viable in the final 2.0 release, my real discovery of the ability to track is often downplayed or left out!
FLASH! It has happened. The story has been mutated out of control by Educom. How much worse can it get?
If you see an article in the press mentioning these pages, please let me know.
Tasty Bits From the Technology Front,
Feb 27
The first article of interest appeared
in an electronic newsletter,
Keith Dawson's
Tasty Bits From the Technology Front.
I gave significant input to the article and was granted an editing
passover prior to its publication.
I feel its accuracy is exceptional.
Note that it was in response to an earlier piece on
Feb 19
talking about Java and JavaScript privacy/security.
CMP's NetGuide,
Mon March 4
and Tue March 5
The first article incorrectly states ``Java'' ``script'' several times,
confusing the difference between Java and JavaScript. It does attribute
me to working for the Research Institute, though.
The second article down plays the ability to track a user as a secondary
issue to the old bug of being able to merely view the directories
on your disk. It also gets my name wrong! Finally, it includes a report
that Sun and Netscape plan a complete rewrite of JavaScript later
this year.
San Jose Mercury News,
Tue Mar 5
The News titles their article with weaken security,
the old directory browsing bug, and calls all this due to bugs.
This loses the point that the tracker is really a privacy violation
that doesn't take advantage of a bug, but rather a designed in feature
of the language.
The last paragraph of the article is flawed and
it doesn't identify me as from the RI
(in fact, lists me in a confusing manner with Tennyson).
However, overall, I'm happy with the article.
It makes a very clear distinction between Java and JavaScript.
Besides, it was on the front page.
This is also the first article to state that I have received a $1000
prize from Netscape. This is not (yet) the case. I've been told I
will receive such a prize...
The Australian, Tue Mar 5
An article on page 21 in the computer section (brought to my
attention by Kim Dowling).
I haven't read it since they aren't online.
I wonder what their source was.
Mecklermedia's Web Developer,
Thu Mar 7
This article has a wonderful summary of the report from the
WWW Security FAQ
in its second paragraph. It only forgets to report where I work.
It's a shame then that they totally blew it by confusing the Java patch
released by Netscape as having to do with JavaScript. This is the basis
for their headline, which is about as wrong as you can get.
UPDATE: This article was pulled after I pointed out the above problems.
Note that they had previously given a good pointer to the WWW Security FAQ,
including pointing out the difference between Java and JavaScript in the
Feb 29 issue.
Educom's Edupage,
Thu Mar 7
Well, I told you the SJ Mercury News article listed me in a confusing manner.
Educom has just gotten Tennyson a job at OSF! Even though I brought it to
their attention, it took until
Mar 10
to get it corrected.
PC Week, Mon Mar 11
Somewhat interesting article, starting on page 1 and continued on page 88.
Noteworthly in that they mentioned that these problems were "fixed" before
2.01 was even released. They obviously talked to Netscape (but not me!).
They actually don't mention me, but they do list my URL.
MacWeek Online,
Wed Mar 13
A well written article by James Staten. This one is the first I've seen to
get everything right!
Computing Canada,
March 28
A well written article by Dale Burger, on page 1.
Internet Reporter N08
This is an article in a French paper, on page 63.
C'T, May 96
An article in a German paper, on page 72, sited by Thomas Radetzki.
The Net,
July 96
In the net desk, News Flashes second, on page 18.
Several people, starting with Mike Affourtit, have brought this article
to my attention.
I have not seen it, but one person mailed me a copy they transcribed.
The article seems concise and correct, but is under the title
Java Breaches Security.
(Oh, And they called me a Hacker; the Guild would be proud).
Other references I've seen reporting on this issue
Last modified on .
This page accessed times.