Assessing the Bug in Java

Assessing the Bug
JavaSoft states correctly that this bug "represents minimal exposure to users" since it affects neither of the popular browsers. It is important to note that HotJava is completely susceptible to this problem unless code signing is entirely disabled. HotJava has always been suspect from a security perspective, and the Magic Coat hole shows why. So was this bug serious? Yes. It provides yet another example of how complicated systems can break down in unexpected ways. Dr. Peter Neumann, moderator of comp.risks and noted security expert, said at the time, "This is another instance of an old RISKS story -- a surprisingly large portion of the entire infrastructure must be trustworthy, including pieces you might not have realized were critical. That statement is perhaps best thought of as a corollary to Leslie Lamport's classic statement, 'A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable.'"
Copyright 1999 Gary McGraw and Edward Felten. All rights reserved. Published by John Wiley & Sons, Inc.
Attack Applets: Exploiting Holes in the Security Model
Section 14 -- Virtual Voodoo
In March 1997, Sun announced the discovery and eradication of a bug in the Verifier of the JDK. The bug was present in all Java VMs, and Sun shipped a patch to Java licensees. Sun claimed that the bug was discovered by the engineering team during a standard security audit and was fixed within 24 hours of discovery. No attack based on this bug was ever devised. In fact, very little information about the fix was disseminated publicly. Statements made by Sun to the press emphasized the complexity of an exploit. Realistically, it sounds like the problem was similar to the You're Not My Type problem -- an attacker would need to create malicious byte code to exploit the problem.
Preemptive Strike
We found it a bit peculiar that Sun announced the discovery of a flaw in the Verifier and the dissemination of a patch to vendors. We speculate that someone outside of Sun had discovered the problem and Sun decided to announce the flaw before the discoverer did.
Section 13 -- Cache Cramming
The second of the two attacks discovered by Major Malfunction and Ben Laurie in February 1997 works against Microsoft's Internet Explorer browser, but not Netscape. Unlike the minor Steal This IP Address problem, this problem is much more disturbing. On their Web page, www.alcrypto.co.uk/java/, Major Malfunction and Ben Laurie claim "this loophole allows an attacker to connect to any TCP/IP port on the client's machine." That's a bit of an overstatement, but interesting information about listening ports can be gathered (for possible later use), which may leave a firewalled host more susceptible to standard TCP/IP-based attacks. And that's bad news.

The Java Security Manager usually disallows port-scanning behavior, but the crackers use the well-known trick of sticking some Java code (in this case, a port scanner) in the browser's cache and later executing it through a file: URL (using frames in the usual way). This attack works because Microsoft's cache layout is transparent. This is an interesting variation on the Slash and Burn attack described on page 153. The attackers cheat a bit for demonstration purposes by having the patsy clear his or her cache, but even without this exercise, guessing the cache location (one of four possibilities) would not be all that much of a challenge.

Contrary to their claim, however, Java security rules are no longer relaxed for code loaded out of the cache (unless the cache happens to be in the CLASSPATH, which is not recommended). That problem was fixed in the upgrade to JDK 1.0.2. (Yet another reason that the Slash and Burn attack is obsolete.) In any case, Microsoft apparently places HTML and class files in the same directory stored with their original names (remember, a Java class will only run if it is correctly named). Although MSIE can't browse cache files directly, HTML pages can reference cache files by explicit name. Thus, the file: URL, if properly constructed, can invoke the Java class.
The applet stuffed in your cache is a port scanner. The port-scanning attack works because an applet is allowed to open a socket connection back to where it came from. And guess where it came from: Yep, the client machine. So a port scan is carried out by their cache-bomb applet. Unlike the Steal This IP Address problem, port scanning is very serious. Using this attack, a cracker might be able to discover things like weak sendmails listening on port 25, leaving only the problem of getting the port-scan information back to the cracker site. Accomplished crackers can simply use the URL-lookup covert channel to do this. Unfortunately, this approach is only one of many ways of sending interesting tidbits out from an applet.
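
The origin rule at the heart of this section can be modeled as a policy check. The following is an added example, not code from the book or from any JDK or browser: it contrasts the connect-back rule as the text describes it with a hardened variant. The class name, both method names, the hardened rule itself and the sample URLs are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URL;

public class OriginSocketPolicy {

    // Rule as the text describes it: an applet may connect back to where it came from.
    static boolean connectBackAllows(URL codeBase, String target) throws Exception {
        InetAddress t = InetAddress.getByName(target);
        String origin = codeBase.getHost();
        if (origin.isEmpty()) {
            // file: URLs carry no host, so "where it came from" is the client itself.
            return t.isLoopbackAddress();
        }
        return InetAddress.getByName(origin).equals(t);
    }

    // Hypothetical hardened rule: only code with a real network origin gets sockets,
    // and never to a loopback or wildcard address.
    static boolean hardenedAllows(URL codeBase, String target) throws Exception {
        String scheme = codeBase.getProtocol();
        if (!scheme.equals("http") && !scheme.equals("https")) return false;
        if (codeBase.getHost().isEmpty()) return false;
        InetAddress t = InetAddress.getByName(target);
        if (t.isLoopbackAddress() || t.isAnyLocalAddress()) return false;
        return InetAddress.getByName(codeBase.getHost()).equals(t);
    }

    public static void main(String[] args) throws Exception {
        // Constructed code bases: a placeholder cache path and a documentation-range server.
        URL cached = URI.create("file:///C:/cache-placeholder/").toURL();
        URL remote = URI.create("http://192.0.2.10/applets/").toURL();
        String[][] cases = {
            {"cached", "127.0.0.1"}, {"remote", "192.0.2.10"}, {"remote", "127.0.0.1"}
        };
        for (String[] c : cases) {
            URL base = c[0].equals("cached") ? cached : remote;
            System.out.printf("%-6s -> %-10s connect-back=%-5b hardened=%b%n",
                c[0], c[1], connectBackAllows(base, c[1]), hardenedAllows(base, c[1]));
        }
    }
}
```

Only the cached code base reaching the loopback address is treated differently by the two rules, which is the case the cache-cramming attack depends on.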