adtmag.com

Waratek's Giannakidis: Removing Serialization from Java Is Not the End of the Story

Last month, Oracle's chief architect, Mark Reinhold, said during a conference Q&A that one of Oracle's long-term goals is to change the way Java handles object serialization. In fact, he called the ...
InfoWorld

Java plan prepares to restrict final field mutation

A JDK Enhancement Proposal (JEP) to prepare to make final mean final in Java would issue warnings about uses of deep reflection to mutate final fields. The warnings would prepare Java developers for a ...
Threat Post

Old Attack Exploits New Java Reflection API Flaw

Researchers have discovered a new vulnerability in the Java Reflection API that can be exploited by a decade-old attack. No Java component has had a bigger bull’s eye on its back this year than the ...
InfoWorld

The Java serialization algorithm revealed

Serialization is the process of saving an object’s state to a sequence of bytes; deserialization is the process of rebuilding those bytes into a live object. The Java Serialization API provides a ...
Semiconductor Engineering

Exploiting The Java Deserialization Vulnerability

In the security industry, we know that operating on untrusted inputs is a significant area of risk; and for penetration testers and attackers, a frequent source of high-impact issues. Serialization is ...
PC World

PayPal is the latest victim of Java deserialization bugs in Web apps

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor. The ...