Tuesday, January 23, 2007

Java Vulnerability on CERT

Now, here's something you don't see too often on CERT: a Java vulnerability. That doesn't mean they're not there, they just don't get the headlines from CERT.

The vulnerability would allow an attacker, using a Java applet, to run any code on a compromised machine. Victims fall prey through specially crafted code on a malicious web site they may visit. Sun has already released updates to the Java Runtime Environment (JRE) to fix the issue.

The Hacking Exposed series has a book on Java hacking, available from Amazon, with an accompanying web site. Sun also has information on secure Java coding on its Java web site.

It's a common myth that Java is somehow more secure than other languages. Sure, it checks buffers and has some built-in security features not found elsewhere. But, it's still code and, if it's code, it can be cracked -- no matter the language.

