Malicious Mobile Code by Roger A. Grimes

Java Exploits

Java has a wonderful security model that almost perfectly balances usability with security. Pulling off this delicate balancing act took a lot of smart people, a lot of code, and a complex set of checks. And for the most part it works! Unfortunately, as any security expert will tell you, complexity -- and Java’s security model is complex -- increases the chances that something will break. Java’s sandbox has been violated several times, and even applets that do not violate any of the rules can introduce annoying denial of service attacks.

Paid to Hack

There are thousands of hackers interested in exploiting malicious mobile code. Entire groups, like Germany’s Computer Chaos Club, use a professional, team approach to hacking Java. Everyone wants to be the first to “prove how unsecure Java is.” Fortunately, there are a few dozen highly skilled professional groups working to find the latest exploit before malicious hackers can.

Probably the most famous group analyzing Java is Princeton University’s Safe Internet Programming Team (SIP) (http://www.cs.princeton.edu/sip). Using support garnered from both public and private entities, SIP is the premier research group studying mobile code systems. They have a serious bent toward Java, but are the group to talk to about any malicious code exploits. Included in the team are several other university groups, graduate students dedicated to debugging Java, and JavaSoft’s own security team.

History of Java exploits

Java was released ...
