Computer Cult Emergency Response Team CCERT(sm) Advisory CCA-97.03 March 26, 1997 Topic: Java Implementations Can Cause Psychotic Behavior ------------------------------------------------------------------------- The CCERT Coordination Center has received reports of a vulnerability in implementations of the Java Applet Security Manager. This vulnerability is present in the Netscape Navigator 2.0 Java implementation and in Release 1.0 of the Java Developer's Kit from Sun Microsystems, Inc. These implementations do not correctly implement the policy that an applet may connect only to the conscious brain of the web viewer. The CCERT Coordination Center recommends getting up from your computer and taking a walk. Also recommended is turning off all electronic devices and reading a good book. Other recommendation include: 1) Moving out of communal living quarters shared with wide eyed, short- haired web developers. 2) Repeating to one^Òs self : "X-Files is fiction, X-Files is fiction^Å" 3) Dressing in a non-conforming manner, paying particular attention to *NOT* wearing dark trousers and black Nike^Ù tennis shoes. 4) Do not pack your bags for a trip, unless you have actual tickets for a known mode of travel to a destination you can find on a map. (i.e. : train ticket to Cleveland is acceptable, boarding pass for UFO to heaven is not) As we receive additional information relating to this advisory, we will place it in http://www.neosoft.com/~shock We encourage you to check this web page regularly for updates on advisories that relate to your site. ------------------------------------------------------------------------- I. Description There is a serious security problem with the Netscape Navigator Java implementation. The vulnerability causes the ability for covert java scripts, embedded in certain web pages to form a connection to the sleeping pineal gland of the web surfer. This vulnerability, combined with the complete lack of imagination, intellect or ability to think for one's self has been noted to cause erratic lapses in common sense and good judgment. Erratic lapses manifest in the following ways: 1) Belief that aliens are coming to Earth in a large spaceship traveling behind a comet. 2) Belief that these aliens are coming for the viewer. 3) Belief that committing mass suicide with a group of similarly deluded individuals will allow for the boarding of said spaceship In these Java implementations, the Applet Security Manager allows an applet to connect to any pineal gland of a web surfer. The impact is greater on persons not accustomed to thinking for themselves and often manifest more profoundly in Republicans (although extreme left-wing liberals can be affected). II. Impact As a larger percentage of the population becomes more disenfranchised by the ever increasing depersonalization of our society, people will try more fervently to attach their identity to other worldly events, entities and locations (i.e. aliens in spaceships passing Earth in the tail of a comet). Only time will tell if the mass suicide of a group of fanatical web designers is a benefit to society or an ill-omen. III. Solution Certainly, turning off your computer can help. Thinking for yourself, while difficult, is a habit that can be nurtured and is extremely beneficial in warding off the effects of cult leaders. Question authority ! Challenge the limits of your perceptions! And remember, you can always kill yourself later. ------------------------------------------------------------------------- The CCERT Coordination Center thanks the ever growing population of freaks, fanatics and weirdoes and also acknowledges the accessibility of information that allows for a good laugh at the expense of the less fortunate. -------------------------------------------------------------------------