This web page demonstrates that the Application "Name" in Java Security popups can be easily forged (full details):
- Make sure you are running Java 1.6, or later
-- but if you are not running the latest Java (1.7.0_40 as of now), upgrade immediately due to
many security vulnerabilities
- Enter a forged application name below and press 'Test Java' -- The "Java Detection" applet
from java.com will be run inside this web page with the forged name entered below.
- If asked if you want to run Java (like in Chrome), answer yes
- You will then get a security dialog from Java -- note the 'Name' in the popup
dialog -- that Java says is running from www.java.com signed by
Publisher Oracle America, Inc.
- Press 'cancel' to prevent the java code from running -- Or press Run to allow the code to
information) and ask yourself why Oracle's Java Detection applet, signed to only run
This web page was tested and works under XP/IE8/Java6, Win7/IE10/Java7, and Win7/Chrome29/Java7