On May 19th 2009, we will give our JBoss talk (in German) at the Center for Computing and Communication of RWTH Aachen University (see their announcement). As we have more time than at the DFN CERT, we will be able to demonstrate all attacks live and generally go into a little bit more detail. You still aren’t required to have any previous knowledge about J2EE or JBoss though, so please come even if this is not your usual area of work.
The picture above shows a small statistic we compiled in December 2008 from the top 25 unique search results from Yahoo!. As you can see, less than 10% are secure against the attacks we will show in the talk. About one third of the JBoss AS instances weren’t reachable any more. Might make you think someone’s exploits crashed the boxes ;). We didn’t attack those JBoss AS instances for real of course, but only looked for telltale signs that make you pretty sure they are exploitable. So if you want to know how the attacks work and see a live demo, join us on the 19th.
Participation is free for everyone interested; you only have to register. We hope to see you there!

1 Comment
I would love to come, but the talk is a bit too early for me :-/