A new hole has been dug and Netscape users are falling in. A little java applet called Brown Orifice, named for a hacker utility called Back Orifice, is out there lurking in cyberspace. The applet can reside on any web site and you can’t see it if it’s there. If you access a web site containing the applet, the applet will run in the background, providing access to the files on your hard drive.
The applet was created by, Dam Brumleve, a security expert who chanced on the programming code last week. Brown Orifice is not all bad. The applet can be used non-maliciously for trading files among a community of users on different computers. In the wrong hands, however, the applet can cause a security breach.
In addition to lurking on web sites, the Brown Orifice applet can be sent in an email message and simply clicking on the message will activate the applet. When running, the applet provides full access to your files until Netscape is shut down. Netscape versions 4.5 to 4.7 are affected.
Netscape officials are aware of the problem and claim a fix will be available soon. Netscape version 6, which is due for release later this year, will not be vulnerable to this applet, according to Andrew Weinstein, a spokesman for Netscape. A preview version of Netscape 6 is currently available for download at the Netscape web site.
Meanwhile, Netscape users can turn off java, which will prevent the applet from running, by clicking on the Edit menu, choosing Preferences, then choosing the Advanced option. Make sure that the “Enable Java” option is not checked.