Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - Changes to the Java Security Model

Submitted by Orome1
Orome1 (1901578) writes "The upcoming security changes in Oracle Java address three long-standing issues with the Java security model. The most significant change is how signed applets are handled. In the past Oracle has suggested that all websites switch to signed applets, advice that contradicts recommendations by security experts, because signing an applet would also confer privileges to escape the sandbox. In fact, signed applets are the original method of escaping the Java sandbox, and have been abused by both attackers and security auditors for the last decade. Metasploit has a module specifically for this purpose. Oracle is changing this model so that signing an applet no longer confers sandbox escape privileges. This is a good thing for security."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Changes to the Java Security Model

Comments Filter:

ASHes to ASHes, DOS to DOS.

Working...