 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
The security issues with Java and ActiveX and Flash and so forth have nothing to do with Turing-completeness. The issues arise from fundamentally insecure architectures. To wit, these run-times have access to the underlying systems. Local privilege escalation. A program running in a browser, whether natively or via a plug-in or some other mechanism, is running locally. If it can exploit a local privilege escalation vulnerability then it just owned the box. This is how the vast majority of malware gets deployed these days. Bits of Java or JavaScript embedded in "invisible" image or video files are executed when the browser plugins run them. These bits of code exploit local privilege escalation vulnerabilities then install their payloads. Either a program has permission to run or it doesn't. The language or run-time or interpreter doesn't matter to this simple yes/no switch. -- Rich P.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
