Isn't limewire open source?
On Tue, 15 Aug 2006 4:17 pm, Lemon Obrien wrote:
yeah...but with java you can easily do it...find the encryption class
you need...or get access to the data before encryption...just by
creating an extension of a known class and over-riding it's virtual
method....its not hard. I've done this plenty of times with
professional products like 'weblogic' commerce server...i wanted
funtionality from a class they provided. Of course when you do this;
you busting the warrenty...but who cares.
now, think of the desktop...then think of giving your program away to
get users; You know, to find out how limewire worked...i decompiled it.
i've even decompiled class wtihin the security package provided by
sun...to see what was going on...and maybe to steal...shhh....don't
tell anyone.
oh yeah...JXTA sucks...unless you're corporate and making something
totally irrelivant. Try going through a firewall with that shit...last
time i checked it was a no-go.
don't get me wrong....java has its place. I use it to do payment
processing and email stuff...writing small servers doing simple stuff.
its just, most people who do java can't do anything else...
Daniel Brookshier <[EMAIL PROTECTED]> wrote:
Yikes! Decompile is hardly a security issue. We obfuscate Java all the
time to prevent the random prying eye, but C and all other languages
are just as easily hacked. You can not hide references to libraries
and such in either language. There is no such thing as code security,
just obscurity.
Daniel Brookshier
office 972-422-5261
cell 214-207-6614
On Aug 15, 2006, at 3:29 PM, Lemon Obrien wrote:
you've never decompiled java then...i have...especially if i wanted
to changed how something worked.
Mike Duigou <[EMAIL PROTECTED]> wrote:
Lemon Obrien wrote:
depends on the data you're transporting. I specificaly stayed away
from java cause it was easy to crack...and the data transported, as
well as the protocols, are sensitive.
That's ridiculous. Strong crypto is strong crypto no matter what
implementation language you use. The same applies for good protocol
design--the quality of the design matters far, far more than the
language it is implemented in.
*/Sashidhar Reddy Mukkamalla /* wrote:
Hi Group,
I am trying to develop a p2p app. Can anyone point me some
literature about security issues/concerns with p2p applications in
particular and network programs in general. Any pointers would be
greatly helpful (both introductory and advanced)
Any time spent reading about the fundamental algorithms, technologies
and standards will be time well spent. It will be generally applicable
no matter what type of application you are building or environment you
are building it for.
Whenever I need a refresher on any topic I usually start here:
http://www.cs.auckland.ac.nz/~pgut001/tutorial/index.html
or
http://ospkibook.sourceforge.net/docs/OSPKI-2.4.7/OSPKI-html/ospki-book.htm
and then branch off into google searches from there. Some of the
specific topics are very dated e.g. "Skipjack" but the issues always
remain relevant.
Mike
_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
You don't get no juice unless you squeeze
Lemon Obrien, the Third.
_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
You don't get no juice unless you squeeze
Lemon Obrien, the Third._______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
