

  Access control in Java -- doPrivileged

Previously we introduced how Java performs permission checks to protect resource access. What if we sometimes need to give a class temporary access to a resource which it initially doesn't have? AccessController provides six doPrivileged methods to fulfill this requirement. These six methods have the signatures below: static T doPrivileged(PrivilegedAction action); static T doPrivileged(PrivilegedAction action, AccessControlContext context); static T doPrivileged(PrivilegedExceptionAction action); static T doPrivileged(PrivilegedExceptionAction action, AccessControlContext context); stat...

3,449 0       JAVA SECURITY DOPRIVILEGED


  Access control in Java -- Permission check order

Previously we showed you how to turn on SecurityManager in Java. After SecurityManager is turned on, a series of permission checks will be applied to the code you are calling in your application to protect resources such as files and sockets against malicious access. To perform these permission checks, a set of Permissions will be created and checked using the AccessController. The AccessController has three purposes: to decide whether an access to a critical system resource is to be allowed or denied, based on the security policy currently in effect; to mark code as being "privileged", th...

3,366 0       JAVA SECURITY ACCESSCONTROLLER


  Signature sign/verification demo in Java

Digital signatures are commonly used in areas where data authentication and integrity are required. It is extremely important to have a signature when transferring sensitive data from one peer to other peers over a network, since there might be malicious applications or man-in-the-middle attacks which may alter the data along the way. Java provides some APIs to generate and verify digital signatures. One important class is Signature. When generating the signature, a private key needs to be passed to initSign(). When verifying the signature, a public key needs to be passed to initVerify(). Java use...

10,848 0       JAVA SECURITY SIGNATURE


  Crash your Chrome with %%30%30

Have you ever wondered whether a simple string can crash one of the most sophisticated web browsers, Chrome? Andris Atteka found that a null string "%%30%30" appended to a URL can crash Chrome. For example, if you have the URL below in your browser address bar, or you mouse over it, Chrome will crash: http://www.pixelstech.net/%%30%30 When the browser crashes, it may show: Or on Windows, you will see: This bug has been reported to Google at Issue 533361. And the engineers are still working on fixing this bug....

7,308 1       SECURITY GOOGLE CHROME CRASH


  Here is what XcodeGhost author says

The first compiler malware in iOS was disclosed by Chinese iOS developers on Wednesday (Beijing time). The name of this malware is XcodeGhost, as described by Alibaba researchers who released the analysis of this malware. The malicious code is located in a Mach-O object file that was repackaged into some versions of Xcode installers. These malicious installers were then uploaded to Baidu’s cloud file sharing service for use by Chinese iOS/OS X developers. Xcode is Apple’s official tool for developing iOS or OS X apps and it is clear that some Chinese developers have downloaded ...

7,715 0       APPLE SECURITY IOS APP STORE XCODEGHOST


  Arrays.equals() vs MessageDigest.isEqual()

Both Arrays.equals() and MessageDigest.isEqual() are used to compare two arrays for equality. They can be used interchangeably in many cases. However, they do have some differences which lead to different use cases in real applications. One difference is that the arrays passed to MessageDigest.isEqual() cannot be null, while it's ok for Arrays.equals(). The one major difference between these two methods is that Arrays.equals() is not time-constant while MessageDigest.isEqual() is time-constant. This means that when comparing two arrays, the arrays are compared byte by byte, Arrays.equals() will ret...

19,051 0       JAVA SECURITY ARRAYS.EQUAL() MESSAGEDIGEST.ISEQUAL()


  Useful functions to provide secure PHP application

Security is a very important aspect of programming. There are many functions or modules in any kind of real programming language providing security functionality. In modern websites, we often get input from users all around the world. There is a famous saying: never trust user input. So in web programming languages, we will often see functions which guarantee the security of the data input by users. Today we will cover some of these functions in the most famous open source language - PHP. In PHP, there are a few useful functions which are very handy for preve...

25,896 0       PHP SECURITY SQL INJECTION XSS AJAX


  A completely new approach to surveillance - should you be worried?

Paranoia is not necessarily a bad thing - assuming someone is really out there to get you. True or not, the paranoid have seen the issues they need to control explode as the internet developed; they also got specific tools to make their secrets (or their life, not everybody has a dark secret) more secure and under control. Unfortunately for them, and to the amazement of science and science fiction fans worldwide, a new way of obtaining secrets has appeared and it’s something very few expected. The result of the combined brainpower of Adobe, Microsoft and MIT researchers is the visual microphon...

3,036 0       SECURITY