Vulnerability Development mailing list archives
Re: reverse engineer c or java
From: 11a () GMX NET (Bluefish)
Date: Sun, 21 May 2000 19:50:46 +0200
Most likely the sender is intrested in copy protection, creating 'uncrackable' shareware etc. That's a different topic, which is more suitable in mailinglist etc which deals with such things. Anyway; given access to files, it is easier to create backdoored variants if the source code is open, or you use java (seems to be close to the same thing ;) But to rely upon C with none-open sourcecode is not the solution, because it simply makes it harder, it doesn't stop an inventive attacker with good programming knowledge.
security in any program you write? Write well thought out code. Learn about common bugs such as bad 'system()' placement or buffer overruns.
Btw, on the topic of java! Has there been published any research upon buffert overruns in java? I assume the class String is more or less secure, but are there security concerns related to usage of e.g. arrays?
What I really think good code comes down to is the following. If you aren't secure enough to release the program to the public open sourced you didn't secure the program.
True, in most cases. Concider distributed.net who publish almost the entire source code to aid development, but not the validation routines which are used to check that client hasn't been tampered with by malicious users. ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- Re: possible new "e-mail virus" concept ? + bypassing IE settings, (continued)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Blue Boar (May 18)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings A.T.Z. (May 19)
- chsh Segfault on FreeBSD 3.3 Fabio Pietrosanti (May 19)
- reverse engineer c or java kj (May 19)
- Re: reverse engineer c or java John Swensson (May 20)
- Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER SMILER (May 20)
- Re: Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER Blue Boar (May 20)
- Re: Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER Stuart Henderson (May 22)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Blue Boar (May 18)
- Re: reverse engineer c or java za () boo ma fu (May 20)
- Outlook, HTML & VBS Joerg Weber (May 21)
- Re: reverse engineer c or java Bluefish (May 21)
- Re: reverse engineer c or java Gordon Messmer (May 21)
- Re: reverse engineer c or java pantera () BALANCEPOINTGOLF COM (May 21)
- Re: reverse engineer c or java Crispin Cowan (May 21)
- Re: reverse engineer c or java Erik Debill (May 22)
- Re: reverse engineer c or java za () boo ma fu (May 21)
- Re: reverse engineer c or java Bluefish (May 22)
- Re: reverse engineer c or java za () boo ma fu (May 22)
- Re: reverse engineer c or java Bluefish (May 23)
- Re: reverse engineer c or java Mark Rafn (May 20)
- Re: reverse engineer c or java Pedro Hugo (May 20)