'Brown Orifice' bug lets Web page author see a PC's contents, but one security expert thinks it could be worse than its near-namesake.

By Bob Sullivan, MSNBC August 7, 2000 4:38 PM PT

The flaw is rather straightforward -- programmers can tell a Java applet included in the browser to display a directory of what's on the victim's hard drive. Victims must visit a Web page that has been designed with the malicious code to be vulnerable. The vulnerability was discovered recently by a security expert and posted to the BugTraq mailing list Friday night. In his message, Dan Brumleve released an example of the vulnerability and called it Brown Orifice, an allusion to the infamous computer vandal tool Back Orifice.

http://www.zdnet.com/zdnn/stories/news/0,4586,2612676,00.html?chkpt=zdhpnews01

-- Doris (reaper1@mindspring.com), August 08, 2000

Answers

Upon email request I will inform people
on how to keep sensitive information
hidden from such intrusive code.

-- spider (spider0@usa.net), August 08, 2000.

Also the Adobe Acrobat security hole can be fixed here

-- spider (spider0@usa.net), August 08, 2000.