hasherfrog
Is this what you mean?
Quote:
HITB (Hack In The Box) 2004 Presentation by Adam Gowdiak: "Java 2 Micro Edition (J2ME) Security Vulnerabilities". Java 2 Micro Edition (J2ME) security in detail. This discusses mobile Java, KVM, CLDC and MIDP concepts, and a detailed description of KVM security architecture, its operation, and differences from the standard JVM. Several security issues affecting most of J2ME are discussed.
That's 56 megs, though. Say I download it today or tomorrow, then what? Will you need a short translation? I, for one, am not fluent in English. And if I'm to pass it on, then how?
P.S.
Personally, I don't need the discussion itself; the statement that will be made on the matter is quite enough for me. But if you need it for some reason, I can download it, no problem...
Added:
From the same place:
Quote from Adam Gowdiak:
I found two very serious security vulnerabilities in Java technology for mobile devices (Java 2 Micro Edition) that might be affecting about 250 millions [2] of mobile phones coming from Nokia, Siemens, Panasonic, Samsung, Motorola and others [3]. Information about these flaws has been published at Hack In the Box Security Conference [4] earlier this month in Kuala Lumpur, Malaysia.
Both vulnerabilities are implementation flaws in bytecode verifier component of KVM (Java Virtual Machine for mobile devices) developed by SUN Microsystems. Each of the flaws can be used to completely break Java security (Java type and memory safety) on a mobile device and to obtain access to the phone data and underlying operating system's functionality.
I verified on my Nokia DCT4 phone that malicious code exploiting one of the flaws can steal data from the phone (i.e. phonebook, SMS messages), establish communication with the Internet, send arbitrary SMS messages, write permanent memory of the phone (FLASH), interfere with or intercept IPC communication occurring between native Nokia OS tasks, install resident code on the phone. Any of the aforementioned actions can be conducted without user knowledge and permission.
-------
Keep it simple...
Sent: 12:41, 02-11-2004 | #9