Re: JAVA more insecure than true compiled code?

[Charles Bell at home <charbell () bellsouth net>]

There are java class obfuscators available for preventing this kind of thing.

You can run a utility called tdump supplied with Borland's free compiler on 
dll's, etc, and explore them as well.

Windows machines come with a now obscure program call debug from which 
anyone can explore what's in memory, etc.  Just type in debug from a 
command prompt.

It comes down to a basic fact that you can reverse just about everything, 
depending on how much time and resources you want to spend. Nothing is 
absolutely secure. Security is a relative thing. It sure is fun figuring 
out how things are put together though.

Charles

At 02:58 PM 4/5/2002 -0800, you wrote:

> Only if you consider security-through-obscurity to be REAL(tm) security.
>
> <steven.sporen () za pwcglobal com> on 04/05/2002 05:17:19 AM
>
> To:    vuln-dev () securityfocus com
> cc:
> Subject:    JAVA more insecure than true compiled code?
>
>
>
> Hi,
>
> I was wondering what people's thoughts are regarding the security of code
> written in JAVA, I recently reverse engineered a product with a freely
> available JAVA decoder and found that it produced code with variable names
> imports etc, making it very easy to find out how it hung together. Could
> this be construed as a security flaw with JAVA?
>
> Thoughts comments are appreciated.
>
>   Steven
> ----------------------------------------------------------------
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material.  Any review, retransmission, dissemination or other use of, or
> taking of any action in reliance upon, this information by persons or
> entities other than the intended recipient is prohibited.   If you received
> this in error, please contact the sender and delete the material from any
> computer.