Java Vulnerability on CERT
Now, here's something you don't see too often on CERT: a Java vulnerability. That doesn't mean they're not there; they just don't get the headlines from CERT.
The vulnerability would allow an attacker, using a Java applet, to run any code on a compromised machine. Victims fall prey through specially crafted code on a malicious web site they may visit. Sun has already released updates to the Java Runtime Environment (JRE) to fix the issue.
The Hacking Exposed series has a book available from Amazon on Java hacking with a web site. Sun also has information on secure Java coding on its Java web site.
It's a common myth that Java is somehow more secure than other languages. Sure, it checks buffers and has some built-in security features not found elsewhere. But, it's still code and, if it's code, it can be cracked -- no matter the language.