Vulnerability Development mailing list archives

Re: reverse engineer c or java


From: 11a () GMX NET (Bluefish)
Date: Sun, 21 May 2000 19:50:46 +0200


Most likely the sender is interested in copy protection, creating
'uncrackable' shareware etc. That's a different topic, which is more
suitable for mailing lists etc. which deal with such things.

Anyway; given access to files, it is easier to create backdoored variants
if the source code is open, or you use Java (seems to be close to the same
thing ;) But to rely upon C with non-open source code is not the solution,
because it simply makes it harder, it doesn't stop an inventive attacker
with good programming knowledge.

security in any program you write? Write well thought out code.
Learn about common bugs such as bad 'system()' placement or
buffer overruns.

Btw, on the topic of Java! Has any research been published on
buffer overruns in Java? I assume the class String is more or less
secure, but are there security concerns related to usage of e.g. arrays?

      What I really think good code comes down to is the following.
If you aren't secure enough to release the program to the public
open sourced you didn't secure the program.

True, in most cases. Consider distributed.net who publish almost the
entire source code to aid development, but not the validation routines
which are used to check that the client hasn't been tampered with by malicious
users.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

