Netscape flaw worse than 'Back Orifice'?

'Brown Orifice' bug lets Web page author see a PC's contents, but one security expert thinks it could be worse than its near-namesake

The flaw is rather straightforward -- programmers can tell a Java applet included in the browser to display a directory of what is on the victim's hard drive. To be affected, a victim must visit a Web page that has been designed with the malicious code.

The vulnerability was discovered recently by a security expert and posted to the BugTraq mailing list Friday night. In his message, Dan Brumleve released an example of the vulnerability and called it Brown Orifice, an allusion to the infamous computer vandal tool Back Orifice.

But "Brown Orifice" only allows computer vandals to view and read a victim's files, whereas Back Orifice allows an intruder to actually take complete control of a victim's computer remotely.

However, security expert Chris Rouland thinks the Netscape flaw may be a more serious problem than Back Orifice. "With Back Orifice, people had to do something to infect themselves. With this, everyone who uses Netscape has this problem," he said.

A spokesperson for Netscape confirmed the company was looking into the flaw.

"We are working to quickly evaluate and address this... In the interim, users can protect themselves by simply turning off Java."

Netscape users select "Edit", then "Preferences", then "Advanced" options, and then uncheck "Enable Java" and "Enable JavaScript".

The flaw affects most versions of Netscape, including Linux and Windows versions. The problem lies in four Java components, which can be tricked into turning a standard PC into a Web server and then allowing that Web server to display the contents of its hard drive.

"I'm surprised [the problem] is still in there," Brumleve, 22, said. "It's kind of obvious, really."

The second half of the flaw involves two parts of Java called "Netscape.Net.URLInputStream" and "Netscape.Net.URLConnection". They are designed to allow programmers to display Web pages within the browser -- but Brumleve discovered the applets can just as easily be told to display local files instead.

On Brumleve's demonstration page, he offers visitors a chance to see the vulnerability in action by volunteering to submit their computers to it. Hundreds have apparently taken him up on the offer, as there are many links to computers that have allegedly been accessed using this method, starting at midday Sunday. But none of the links worked when visited at midday Monday.

There are a number of vulnerabilities that allow some kind of malicious access to a victim's computer through a specially crafted Web page -- none has become a widespread problem rising to the level of a computer virus, which can spread on its own.

Still, Elias Levy, who administers the BugTraq list, described the bug as "somewhat powerful" and potentially dangerous.

"In this day and age the line between Web pages and emails is blurring," he said. "You can run a Web page from the preview pane in Microsoft Outlook, for example."
