Date: Wed, 21 May 1997 12:24:31 -0700
Message-Id: <199705211924.MAA08668@puffin.eng.sun.com>
From: Marianne Mueller <mrm@Eng>
To: josh@internetwork.net
Subject: Re: I got an e-mail from microsoft
I haven't seen the articles you refer to, but the fact of the maatter
is that there are no security attacks known that are built on the
verifier bugs described in the UW's report.
There's been a lot of inquiries about this, and we'll be putting up
more info on our web site later today, to address people's questions.
The upshot is that no, there are no security attacks built on the
verifier bugs that are capable of leading to data loss. If you read
what is on the UW's web site carefully, you'll see that in every
instance they say "potentially" or "could", to distinguish that from
an attack that someone actually constructed.
Our web info on this is at http://java.sun.com/sfaq/UW.html. More
info will get added to that later.
Marianne