Ask HN: I just want to have fun programming again ycombinator.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from ycombinator.com Daily Mail and Mail on Sunday newspapers.
How JavaScript Works: the evolution of graphics sessionstack.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from sessionstack.com Daily Mail and Mail on Sunday newspapers.
May 5, 2021
Back in college, I was very interested in Java bytecode. When I got an internship at Google in 2013, I was skeptical of the security of the Java version of Google App Engine and got permission to spend the last week of my internship doing a mini red team exercise, trying to break into App Engine. This is the story of how I found a vulnerability and developed an exploit to break out of the App Engine sandbox and get arbitrary code execution on a Google server.
Background
One of the reasons I was skeptical was Java’s poor security track record. Java is unusual among programming languages in attempting to do in-process sandboxing with its Applet model, where trusted and untrusted code run within the same language runtime.
The End of Applets infoq.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from infoq.com Daily Mail and Mail on Sunday newspapers.