Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 10:36:21 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=2279291395&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Fpapers%2Fjava%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.2279291395.1338201381.1338201381.1338201381.1%3B%2B__utmz%3D32867617.1338201381.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/104474/dissecting_jsf_pt_aks_kr.pdf http://packetstormsecurity.org/files/104474/dissecting_jsf_pt_aks_kr.pdf http://packetstormsecurity.org/files/104474/Dissecting-Java-Server-Faces-For-Penetration-Testing.html Thu, 25 Aug 2011 23:23:23 GMT Whitepaper called Dissecting Java Server Faces for Penetration Testing. This paper is divided into two parts. In the first part, they discuss the internals of JSF, a Java based web application framework and its inherent security model. In the second part, they discuss about the security weaknesses and applied security features in the JSF. In addition, they also raise a flag on the security issues present in JSF in order to conduct effective penetration testing. http://packetstormsecurity.org/files/104048/qrcode-goesbad.pdf http://packetstormsecurity.org/files/104048/qrcode-goesbad.pdf http://packetstormsecurity.org/files/104048/EvilQR-When-QR-Code-Goes-Bad.html Tue, 16 Aug 2011 03:56:18 GMT Whitepaper called EvilQR – When QR Code Goes Bad . This is a security assessment of mobile QR readers. http://packetstormsecurity.org/files/101511/paper_jboss_eng.pdf http://packetstormsecurity.org/files/101511/paper_jboss_eng.pdf http://packetstormsecurity.org/files/101511/Implementing-Security-Improvements-In-JBoss.html Wed, 18 May 2011 01:17:35 GMT Brief whitepaper discussing security improvements that should be implemented in JBoss application server installations. http://packetstormsecurity.org/files/90696/2010-06-15-JBoss-AS-Deploying-WARs-with-the-DeploymentFileRepository-MBean.pdf http://packetstormsecurity.org/files/90696/2010-06-15-JBoss-AS-Deploying-WARs-with-the-DeploymentFileRepository-MBean.pdf http://packetstormsecurity.org/files/90696/JBoss-Application-Server-Deploying-WARs-With-The-DeploymentFileRepository-MBean.html Wed, 16 Jun 2010 03:22:33 GMT Whitepaper called JBoss Application Server - Deploying WARs with the DeploymentFileRepository MBean. It explains how to deploy WAR files with the DeploymentFileRepository MBean and how this is even possible with Cross Site Request Forgery (CSRF). http://packetstormsecurity.org/files/72141/java2-malware.pdf http://packetstormsecurity.org/files/72141/java2-malware.pdf http://packetstormsecurity.org/files/72141/java2-malware.pdf.html Thu, 20 Nov 2008 23:08:17 GMT Whitepaper entitled Java 2 Micro Edition (J2ME or Java ME) Based Computer Malware Propagation Technique. http://packetstormsecurity.org/files/57716/JNLP_Security_Con.pdf http://packetstormsecurity.org/files/57716/JNLP_Security_Con.pdf http://packetstormsecurity.org/files/57716/JNLP_Security_Con.pdf.html Fri, 13 Jul 2007 01:48:35 GMT JNLP Security Convergence - A whitepaper discussing security problems in the Java Network Language Protocol. http://packetstormsecurity.org/files/52521/javacrack.pdf http://packetstormsecurity.org/files/52521/javacrack.pdf http://packetstormsecurity.org/files/52521/javacrack.pdf.html Mon, 27 Nov 2006 03:38:07 GMT Whitepaper entitled Cracking String Encrypting in Java Obfuscated Bytecode. http://packetstormsecurity.org/files/49340/beanshell.pdf http://packetstormsecurity.org/files/49340/beanshell.pdf http://packetstormsecurity.org/files/49340/beanshell.pdf.html Sun, 27 Aug 2006 07:33:23 GMT Accessing Java Clients with the BeanShell. This whitepaper goes into detail discussing the assessment of Java applications utilizing the BeanShell. http://packetstormsecurity.org/files/16233/96-026-java-firewalls.ps.Z http://packetstormsecurity.org/files/16233/96-026-java-firewalls.ps.Z http://packetstormsecurity.org/files/16233/96-026-java-firewalls.ps.Z.html Fri, 01 Oct 1999 22:09:41 GMT Blocking Java Applets at the Firewall. Discussion about blocking hostile applets at firewalls. http://packetstormsecurity.org/files/16239/bug.html http://packetstormsecurity.org/files/16239/bug.html http://packetstormsecurity.org/files/16239/bug.html.html Fri, 01 Oct 1999 22:09:41 GMT Java is not type-safe. http://packetstormsecurity.org/files/16241/ccs4.html http://packetstormsecurity.org/files/16241/ccs4.html http://packetstormsecurity.org/files/16241/ccs4.html.html Fri, 01 Oct 1999 22:09:41 GMT The Security of Static Typing with Dynamic Linking. http://packetstormsecurity.org/files/16242/compsec97.html http://packetstormsecurity.org/files/16242/compsec97.html http://packetstormsecurity.org/files/16242/compsec97.html.html Fri, 01 Oct 1999 22:09:41 GMT A Comparison between Java and Active X Security. http://packetstormsecurity.org/files/16234/CSFactForum.html http://packetstormsecurity.org/files/16234/CSFactForum.html http://packetstormsecurity.org/files/16234/CSFactForum.html.html Fri, 01 Oct 1999 22:09:41 GMT Foresight Computer Security Fact Forum. Discussion of the Java Security Model. http://packetstormsecurity.org/files/16245/djvm.html http://packetstormsecurity.org/files/16245/djvm.html http://packetstormsecurity.org/files/16245/djvm.html.html Fri, 01 Oct 1999 22:09:41 GMT Defensive Java Virtual Machine Version 0.5 alpha Release. Built in ACL2. http://packetstormsecurity.org/files/16243/icdcs.html http://packetstormsecurity.org/files/16243/icdcs.html http://packetstormsecurity.org/files/16243/icdcs.html.html Fri, 01 Oct 1999 22:09:41 GMT Experience with Secure Multi-Processing in Java. http://packetstormsecurity.org/files/16244/ieee-computer-secass.pdf http://packetstormsecurity.org/files/16244/ieee-computer-secass.pdf http://packetstormsecurity.org/files/16244/ieee-computer-secass.pdf.html Fri, 01 Oct 1999 22:09:41 GMT Software Assurance for Security. http://packetstormsecurity.org/files/16246/javapaper.html http://packetstormsecurity.org/files/16246/javapaper.html http://packetstormsecurity.org/files/16246/javapaper.html.html Fri, 01 Oct 1999 22:09:41 GMT One of the first papers presented on Java Security. http://packetstormsecurity.org/files/16236/JavaW.html http://packetstormsecurity.org/files/16236/JavaW.html http://packetstormsecurity.org/files/16236/JavaW.html.html Fri, 01 Oct 1999 22:09:41 GMT Work on the Java Type System. http://packetstormsecurity.org/files/16247/jdk12arch.ps.gz http://packetstormsecurity.org/files/16247/jdk12arch.ps.gz http://packetstormsecurity.org/files/16247/jdk12arch.ps.gz.html Fri, 01 Oct 1999 22:09:41 GMT Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2 http://packetstormsecurity.org/files/16248/jdk12impl.ps.gz http://packetstormsecurity.org/files/16248/jdk12impl.ps.gz http://packetstormsecurity.org/files/16248/jdk12impl.ps.gz.html Fri, 01 Oct 1999 22:09:41 GMT Implementing Protection Domains in the Java Development Kit 1.2. http://packetstormsecurity.org/files/16235/JS_pap2.html http://packetstormsecurity.org/files/16235/JS_pap2.html http://packetstormsecurity.org/files/16235/JS_pap2.html.html Fri, 01 Oct 1999 22:09:41 GMT Java Security: Weaknesses and Solutions. Early paper on Java security and problems in the VM. http://packetstormsecurity.org/files/16249/mobile-abs.bib.html http://packetstormsecurity.org/files/16249/mobile-abs.bib.html http://packetstormsecurity.org/files/16249/mobile-abs.bib.html.html Fri, 01 Oct 1999 22:09:41 GMT Mobile Code Bibliography. A collection of mobile code publications. http://packetstormsecurity.org/files/16238/SecHole.html http://packetstormsecurity.org/files/16238/SecHole.html http://packetstormsecurity.org/files/16238/SecHole.html.html Fri, 01 Oct 1999 22:09:41 GMT Security Breaches in the JDK 1.1 beta 2 security API. http://packetstormsecurity.org/files/16250/secure96.html http://packetstormsecurity.org/files/16250/secure96.html http://packetstormsecurity.org/files/16250/secure96.html.html Fri, 01 Oct 1999 22:09:41 GMT Java Security: From HotJava to Netscape and Beyond. A classic paper on the security of Java. http://packetstormsecurity.org/files/16251/sosp97.html http://packetstormsecurity.org/files/16251/sosp97.html http://packetstormsecurity.org/files/16251/sosp97.html.html Fri, 01 Oct 1999 22:09:41 GMT Extensible Security Architectures for Java.