Vulnerability Development mailing list archives
Re: JAVA more insecure than true compiled code?
From: Charles Bell at home <charbell () bellsouth net>
Date: Sat, 06 Apr 2002 07:48:45 -0600
There are java class obfuscators available for preventing this kind of thing.You can run a utility called tdump supplied with Borland's free compiler on dll's, etc, and explore them as well.
Windows machines come with a now obscure program call debug from which anyone can explore what's in memory, etc. Just type in debug from a command prompt.
It comes down to a basic fact that you can reverse just about everything, depending on how much time and resources you want to spend. Nothing is absolutely secure. Security is a relative thing. It sure is fun figuring out how things are put together though.
Charles At 02:58 PM 4/5/2002 -0800, you wrote:
Only if you consider security-through-obscurity to be REAL(tm) security. <steven.sporen () za pwcglobal com> on 04/05/2002 05:17:19 AM To: vuln-dev () securityfocus com cc: Subject: JAVA more insecure than true compiled code? Hi, I was wondering what people's thoughts are regarding the security of code written in JAVA, I recently reverse engineered a product with a freely available JAVA decoder and found that it produced code with variable names imports etc, making it very easy to find out how it hung together. Could this be construed as a security flaw with JAVA? Thoughts comments are appreciated. Steven ---------------------------------------------------------------- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.
Current thread:
- JAVA more insecure than true compiled code? steven.sporen (Apr 05)
- RE: JAVA more insecure than true compiled code? The Picard (Apr 07)
- Re: JAVA more insecure than true compiled code? -l0rt- (Apr 08)
- <Possible follow-ups>
- Re: JAVA more insecure than true compiled code? James Washer (Apr 05)
- Re: JAVA more insecure than true compiled code? Charles Bell at home (Apr 06)
- Re: JAVA more insecure than true compiled code? Hack Hawk (Apr 07)
- Re: JAVA more insecure than true compiled code? dirk . dussart (Apr 08)