Vulnerability Development mailing list archives
Re: reverse engineer c or java
From: mattams () YAHOO CO UK (Matt inAmsterdam)
Date: Wed, 24 May 2000 10:13:53 +0100
Michael.Wojcik () merant com writes
And, of course, that even a (hypothetical) JVM free of implementation errors like buffer overflows may contain design flaws that either do not implement Java security rules correctly or fail in boundary conditions (like illegal opcode combinations). We've seen more than one exploit of that sort.
Java's a smaller target than the huge number of unsafe C servers out there, but it would be a mistake to assume it's safe.
When a vulnerability in a JVM is discovered, it may well allow a generic attack. Then perhaps no amount of responsiveness on the part of Sun or other JVM vendors will be enough to stem the worldwide hacking of Java stuff, due to the lack of heterogeneity. Of course it would be even worse if it's a design problem.

-Matt van Amsterdam