The aerospace giant has instructed its employees to disable the Java function on their Web browsers and to avoid any untested Java applets, according to a report in the News Tribune in Tacoma, Washington. Specifically, in the July 26 edition of its company newsletter, Boeing targeted those using Netscape Communications' Navigator 2.0, 2.01, and 2.02; Microsoft's Internet Explorer 3.0 Beta 2; and Oracle's PowerBrowser.
The concerns stem from reports by researchers at Princeton University who have found security holes in the popular programming language that could let hackers to read and write to users' hard drives over a network. Sun Microsystems has also acknowledged that hackers could create so-called hostile or "black widow" applets designed to crash a hard disk by consuming all of a PC's resources.
Although no such incidents have been reported, the possibility of such offenses alone makes some information systems managers leery of having Java anywhere on their internal networks, which carry an ever-increasing amount of mission-critical data and applications. Last month, Telstra, Australia's largest telephone company, asked its employees to disable Java when browsing the Web.
JavaSoft, the Sun division that markets Java, played down the threat of hostile Java applets. Sun engineers said the newest versions of the most widely used browsers, Navigator 3.0 and Internet Explorer 3.0, have been released with strengthened security features, according to the report.
"All of that is fixed in currently-shipping browsers. I think their recommendation is outdated," Marianne Mueller, a staff engineer who works on security for JavaSoft, told the News Tribune. "I'm a security person, and I feel Java is safer than most other things people are using out there."
Java will still be used for internal programming, Boeing said, but it is taking the precautionary steps while the company independently researches the security issues. An estimated 10,000 employees use the Internet at the Everett, Washington, company.
"We just really need to know for certain ourselves, and we're still in the process of the evaluation," Boeing spokesman Bob Jorgensen told the News Tribune. "We're taking a neutral position. We want to rely on our research instead of hearsay."
Some fear one bad applet spoils batch
Firm throws down Gauntlet on Java
Sun counters Java ban down under
"Black widow" scare on the Web
Netscape posts fix for security bug
Another Java bug creeps out
Netscape preps security patch
Is the Net secure?
RealAudio coverage: CNET Radio