Google App Engine Java sandbox is leaking, say researchers

Security Explorations hacker Adam Gowdiak says three partial Java sandbox security holes still exist in Google App Engine. Gowdiak says the problems stem from buggy implementations and lax security checks that mean evildoers could gain access to the Google cloud's Java environment. He dropped exploitation code after the ad …

  1. Candy

    The biter bit.

    So, if you don't respond quickly enough to satisfy a third party that you are taking action on a bug, the details get released. No negotiation.

    Sound familiar, Google?

    1. Anonymous Coward

      Re: The biter bit.

      Don't point at the Microsoft debacle as they DID respond, but Google went ahead anyway.

      1. petur

        Re: The biter bit.

        Yes, but after 90 days, not 21....

        What's next, full disclosure if not responded to within the hour?

        (granted, 3 weeks not responding is taking it over the top, get your act together Google)

    2. Anonymous Coward

      Re: The biter bit.

      People still write stuff in Java?! Jeeez. Horribly insecure mess since day one, and for most uses outperformed by alternatives like .Net.

      1. William Old
        FAIL

        Re: The biter bit.

        "People still write stuff in Java?! Jeeez. Horribly insecure mess since day one, and for most uses outperformed by alternatives like .Net."

        Ah, yes, from that famous software company that sells a bloated, horribly-broken consumer-grade OS to millions of suckers, one that repeatedly warns said suckers when they haven't installed someone else's software product that attempts to mitigate - not cure - the horribly-broken stuff?

        Great, I will have some of that... from where can I download a version for my well-written Open Source multi-user OS?

        Hahahahaahahahaahahahaahahahaahahahaahahahaahahaaahahaha...!

        1. Anonymous Coward

          Re: The biter bit.

          "from where can I download a version for my well-written Open Source multi-user OS?"

          You still use OpenVMS?!

  2. jnffarrell1

    And the good news is?

    As security tightens even complex paths to insert malware become trackable. Is this an ant-trap or a cockroach box? Only Google knows whether it wants to poison malefactors back in their nests or trap them for observation.

    1. dogged

      Re: And the good news is?

      Would you like to buy this bridge?
