对象已移动

可在此处找到该文档 Major security flaws in Java applications, European researchers warn – New Self New Life
New Self New Life
No Result
View All Result
  • Home
  • Entertainment
  • Celebrity
  • Cinema
  • Music
  • Digital Lifestyle
  • Social Media
  • Softwares
  • Devices
  • Home
  • Entertainment
  • Celebrity
  • Cinema
  • Music
  • Digital Lifestyle
  • Social Media
  • Softwares
  • Devices
New Self New Life
No Result
View All Result
Home Softwares

Major security flaws in Java applications, European researchers warn

by admin
1 year ago
in Softwares
Major security flaws in Java applications, European researchers warn
Share on FacebookShare on Twitter


Major security flaws in Java applications, European researchers warn
Alexandre Bartel, Professor at Umeå College, has, in collaboration with European analysis colleagues, studied main weaknesses in one of many world’s largest programming languages. Credit score: Mattias Pettersson

Alexandre Bartel, Professor of Software program Engineering and Safety at Umeå College, in collaboration with a number of European researchers, has extensively analyzed weaknesses in software program written in one of many world’s most generally used programming languages.

“This includes flaws within the processes that retrieve and recreate data—corresponding to buyer accounts, transactions, or affected person information. These vulnerabilities can create large prices for companies, governments and public authorities.”

Java is behind purposes utilized in cellular video games, robots, embedded techniques or enterprise purposes. Through the years, a number of safety flaws have been reported and now European researchers have investigated whether or not and the way these have been addressed.

They’ve checked out Java merchandise that use deserialisation, the method of restoring packaged data to its earlier state, corresponding to consumer settings, sport features, procuring carts or banking purposes, and carried out an in-depth evaluation of current vulnerabilities and assaults.

Large firms affected

“We now have recognized weaknesses and the way they’ve been addressed. The issue is that the programmers appear to repeat the identical errors again and again and subsequently reintroduce the vulnerabilities,” Professor Bartel says.

Within the research “An In-Depth Examine of Java Deserialization Distant-Code Execution Exploits and Vulnerabilities,” which was performed in collaboration with Eric Bodden, Professor at Paderborn College, Yves Le Traon, Professor on the Université du Luxembourg and Imen Sayar, now researcher at INRIA, a number of examples are given:

  • Flaws in PayPal’s vital purposes—gave entry to manufacturing databases
  • Vulnerabilities on the San Francisco Division of Transportation—the attackers gained management of two,000 computer systems and blocked the cost techniques
  • Equifax, the biggest US credit score reporting company within the US—suffered an assault wherein the attacker managed to steal 147.7 million items of private information

What the European researchers are seeing is that the movement of bytes, the movement of data, opens for modification by attackers. “It’s in the course of the precise deserialization course of, when the knowledge is recreated, that the attacker can acquire complete management over the receiving system. Even very small adjustments within the code could make techniques weak to assaults,” Alexandre Bartel says.

Critical flaws

Most Java applications depend on exterior libraries and there’s no straightforward solution to repair the affected techniques. Alexandre Bartel argues that to stop safety flaws from being launched in new code, the builders ought to keep away from utilizing Java deserialisation altogether.

“Our findings recommend that the complete provide chain of the developed utility ought to be totally verified all through the appliance’s lifecycle. The findings are very severe as they’ve the potential to be pricey, not just for firms but in addition for society at giant,” says Alexandre Bartel.

The research has attracted appreciable curiosity and was printed within the extremely regarded and selective Transactions on Software program Engineering and Methodology journal, TOSEM, of the Affiliation of Computing Equipment, ACM. The findings have been additionally offered at ICSE, the Worldwide Convention on Software program Engineering, which is likely one of the most prestigious conferences within the subject.

Bartel and his analysis group are actually growing strategies to extra effectively detect these vulnerabilities and stop assaults.

Serialization and deserialisation

Processes in pc science that contain saving an information construction or object state in a format that may then be saved or transferred to a different computing surroundings. It includes “translating” information constructions right into a stream of bytes to facilitate storage in, for instance, a reminiscence, a file or throughout information switch to a different machine.

Examples embrace: Pharmaceutical techniques, the place governments require packaging to be coded in order that it may be tracked all through the availability chain. Recreation improvement: to retailer and cargo sport information corresponding to participant progress, settings and saved video games. Monetary sector: storage and transmission of information on monetary transactions between banks and different monetary techniques.

Offered by
Umea College

Quotation:
Main safety flaws in Java purposes, European researchers warn (2023, December 27)
retrieved 1 January 2024
from https://techxplore.com/information/2023-12-major-flaws-java-applications-european.html

This doc is topic to copyright. Aside from any truthful dealing for the aim of personal research or analysis, no
half could also be reproduced with out the written permission. The content material is offered for data functions solely.





Source link

Tags: ApplicationsEuropeanFlawsJavaMajorResearchersSecuritywarn
Previous Post

The One Thing Rachel Bolan Wants to Do Before Skid Row Is Done

Next Post

Zack Snyder Discusses the Vast Universe of His Netflix Sci-Fi Epic, Rebel Moon

Related Posts

Minor update(4) for Vivaldi Android Browser 7.4
Softwares

Minor update(4) for Vivaldi Android Browser 7.4

by admin
June 21, 2025
10+ Best Free Portfolio & Lookbook Templates for InDesign in 2025 — Speckyboy
Softwares

10+ Best Free Portfolio & Lookbook Templates for InDesign in 2025 — Speckyboy

by admin
June 20, 2025
User Guide For CS-Cart Product Search By Barcode
Softwares

User Guide For CS-Cart Product Search By Barcode

by admin
June 18, 2025
Open Talent platforms emerging to match skilled workers to needs, study finds
Softwares

Open Talent platforms emerging to match skilled workers to needs, study finds

by admin
June 16, 2025
New tool could help homeowners weather flood risks, lower insurance costs
Softwares

New tool could help homeowners weather flood risks, lower insurance costs

by admin
June 19, 2025
Next Post
Zack Snyder Discusses the Vast Universe of His Netflix Sci-Fi Epic, Rebel Moon

Zack Snyder Discusses the Vast Universe of His Netflix Sci-Fi Epic, Rebel Moon

Facts About His 7 Brothers and Sisters – Hollywood Life

Facts About His 7 Brothers and Sisters – Hollywood Life

  • Trending
  • Comments
  • Latest
8BitDo Retro Mechanical Keyboard C64 Review

8BitDo Retro Mechanical Keyboard C64 Review

March 24, 2025
The Best Madras Shirt Brands For Men: Summer 2021 Edition

The Best Madras Shirt Brands For Men: Summer 2021 Edition

July 20, 2021
SOG and Leatherman EDC, Dyson Lightcycle Morph lamp, COTRE 2-way radios, and more – Weekly roundup

SOG and Leatherman EDC, Dyson Lightcycle Morph lamp, COTRE 2-way radios, and more – Weekly roundup

May 16, 2021
Guide for Bagisto Quick Commerce

Guide for Bagisto Quick Commerce

October 16, 2024
Bones: All Of Brennan’s Interns, Ranked

Bones: All Of Brennan’s Interns, Ranked

June 15, 2021
POORSTACY “Knife Party” video featuring Oli Sykes

POORSTACY “Knife Party” video featuring Oli Sykes

January 27, 2022
What Are the Best User Provisioning Practices for SaaS Apps

What Are the Best User Provisioning Practices for SaaS Apps

September 9, 2022
List of Essential Gadgets You Can’t Live Without

List of Essential Gadgets You Can’t Live Without

November 7, 2023
What We Know So Far About the Supposed ‘Mother of All Data Breaches’

What We Know So Far About the Supposed ‘Mother of All Data Breaches’

June 21, 2025
Go Through Justin Timberlake and Jessica Biel’s Sweet Family Photos

Go Through Justin Timberlake and Jessica Biel’s Sweet Family Photos

June 21, 2025
Secret royal swimming pools – including Princess Kate and Prince William’s heatwave haven

Secret royal swimming pools – including Princess Kate and Prince William’s heatwave haven

June 21, 2025
Who Is Yvie Oddly’s Husband? Doug Illsley’s Relationship History

Who Is Yvie Oddly’s Husband? Doug Illsley’s Relationship History

June 21, 2025
Social Platforms Explore Age Verification Options to Comply With Teen Access Regulations

Social Platforms Explore Age Verification Options to Comply With Teen Access Regulations

June 21, 2025
From Rave To Rock, L’Eclair Conjure Magic On ‘Cloud Drifter’

From Rave To Rock, L’Eclair Conjure Magic On ‘Cloud Drifter’

June 21, 2025
Minor update(4) for Vivaldi Android Browser 7.4

Minor update(4) for Vivaldi Android Browser 7.4

June 21, 2025
Jim Jones Rejects Notion That His Career Is Comparable to Nas’

Jim Jones Rejects Notion That His Career Is Comparable to Nas’

June 20, 2025
New Self New Life

Your source for entertainment news, celebrities, celebrity news, and Music, Cinema, Digital Lifestyle and Social Media and More !

Categories

  • Celebrity
  • Cinema
  • Devices
  • Digital Lifestyle
  • Entertainment
  • Music
  • Social Media
  • Softwares
  • Uncategorized

Recent Posts

  • What We Know So Far About the Supposed ‘Mother of All Data Breaches’
  • Go Through Justin Timberlake and Jessica Biel’s Sweet Family Photos
  • Secret royal swimming pools – including Princess Kate and Prince William’s heatwave haven
  • Home
  • Disclaimer
  • DMCA
  • Privacy Policy
  • Cookie Privacy Policy
  • Terms and Conditions
  • Contact us

Copyright © 2021 New Self New Life.
New Self New Life is not responsible for the content of external sites. slotsfree  creator solana token

No Result
View All Result
  • Home
  • Entertainment
  • Celebrity
  • Cinema
  • Music
  • Digital Lifestyle
  • Social Media
  • Softwares
  • Devices

Copyright © 2021 New Self New Life.
New Self New Life is not responsible for the content of external sites.

New Self New Life