Hi all,
Tomorrow, we'll announce the existence of the Silver Bullet Security Podcast
with Gary McGraw. Woo hoo. The first interview is with Avi Rubin. This
activity is sponsored by IEEE S&P Magazine...who by now all sc-l readers should
know well!
See www.cigital.com/silverbullet
Hope yo
| Kevin is correct, a type confusion attack will allow the bypass of the
| security manager simply because via a type confusion attack you will be
able
| to change what the security manager is 'seeing'
|
| So in an environment where you have a solid Security Policy (enforced by a
| Security
On 5/14/06, Dinis Cruz <[EMAIL PROTECTED]> wrote:
Kevin is correct, a type confusion attack will allow the bypass of the
security manager simply because via a type confusion attack you will be able
to change what the security manager is 'seeing'
In both .Net and Java, the sandboxes logic (CAS a
in reply to
>Dinis Cruz dinis at ddplus.net
>Sun May 14 03:40:20 EDT 2006
<...skipped...>
>So in an environment where you have a solid Security
Policy (enforced by
>a Security Manager) but the verifier is NOT enabled,
then to jump out of
>the sandbox all that you need to do is to create a
Type