[aklug] Re: Deserialization exploits - Nice writeup - SCARY!

From: Jubal Skaggs <jubal@vcontext.net>
Date: Fri Jan 29 2016 - 14:46:54 AKST

These are fun. Hydrating foreign code in the JVM (or *any execution environment*) and running it unverified is like accidentally beaming Khan aboard the starship Enterprise and handing him a weapon, right? ;) And it's not just the little guys; for instance, here's another recent good one where a well-known security vendor accidentally decompiles and inadvertently executes foreign code while scanning it for malware (resulting in appliance takeover - and worse). Foreign code is a Trojan horse.

http://googleprojectzero.blogspot.com.au/2015/12/fireeye-exploitation-project-zeros.html

Jubal Skaggs
jubal@vcontext.net
(907) 957-1762

> On Jan 29, 2016, at 2:17 PM, Christopher Howard <christopher@alaskasi.com> wrote:
>
> I'm curious, from a programming perspective, if you could have a safer form of object serialization. E.g., give the object some kind of limited execution environment with a restricted interface of functions.
>
> On 01/29/2016 01:48 PM, Lee Brumbaugh wrote:
>> Wow good read, but you're right, it's scary!
>>
>> Lee Brumbaugh
>>
>> On Fri, Jan 29, 2016 at 12:44 PM, Mike <alaskabarsalou@gmail.com> wrote:
>> I found this information great and scary at the same time.
>>
>>
>> http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
>>
>>
>>
>>
>
> --
> Christopher Howard, Computer Assistant
> Alaska Satellite Internet
> 3239 La Ree Way, Fairbanks, AK 99709
> 907-451-0088 or 888-396-5623 (toll free)
> fax: 888-260-3584
> christopher@alaskasi.com
> http://www.alaskasatelliteinternet.com
> https://www.linkedin.com/in/christopher-howard-9429ab52
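Christopher's question above (a "restricted interface" for deserialization) has a standard defensive answer on the JVM: decide which classes may be hydrated *before* any object is constructed, rather than after. The following is an added example written for this archive, not code from any poster on the thread or from the foxglovesecurity writeup. It assumes a hypothetical application that only ever expects a `Greeting` object from the wire; the allow-list, class names and sample bytes are all constructed for the demonstration.

```java
import java.io.*;
import java.util.Set;

/**
 * Added example, not code from any poster on this thread.
 *
 * A "look-ahead" ObjectInputStream: resolveClass() is consulted for every
 * class descriptor in the stream before an instance of that class is created,
 * so anything outside the allow-list is rejected before a gadget chain of the
 * kind described in the foxglovesecurity writeup can ever be assembled.
 */
public class SafeObjectInputStream extends ObjectInputStream {

    // Allow-list of classes this (hypothetical) application is willing to
    // hydrate from untrusted bytes. Everything else is refused.
    private static final Set<String> ALLOWED = Set.of(
            "SafeObjectInputStream$Greeting",   // binary name of the nested class
            "java.lang.String");               // harmless data type

    public SafeObjectInputStream(InputStream in) throws IOException {
        super(in);
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc)
            throws IOException, ClassNotFoundException {
        if (!ALLOWED.contains(desc.getName())) {
            // Thrown before the class is even loaded for this stream.
            throw new InvalidClassException(
                    "Unauthorized deserialization attempt", desc.getName());
        }
        return super.resolveClass(desc);
    }

    // The one data-only type the application actually expects (constructed for this example).
    public static final class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Greeting(String text) { this.text = text; }
    }

    // Helper: produce the byte stream a client would send.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Helper: read untrusted bytes through the allow-listing stream.
    static Object deserializeSafely(byte[] bytes)
            throws IOException, ClassNotFoundException {
        try (SafeObjectInputStream in =
                     new SafeObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Expected type: accepted.
        Greeting g = (Greeting) deserializeSafely(serialize(new Greeting("hello")));
        System.out.println("accepted: " + g.text);

        // Unexpected type (a plain HashMap stands in for whatever an
        // untrusted client might send): refused before it is constructed.
        try {
            deserializeSafely(serialize(new java.util.HashMap<String, String>()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.classname);
        }
    }
}
```

The point is that the check happens in `resolveClass`, i.e. on the class *descriptor*, before `readObject` has built anything, which is exactly the "limited interface" Christopher is asking for. Since Java 9 the JDK ships the same idea built in as `ObjectInputFilter` (JEP 290), settable per stream via `ObjectInputStream.setObjectInputFilter` or globally via the `jdk.serialFilter` system property; the subclass above is the portable version for older runtimes.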

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Fri Jan 29 13:05:06 2016

This archive was generated by hypermail 2.1.8 : Fri Jan 29 2016 - 13:05:06 AKST