The Transient Keyword in Java and Its Use

This article is originally posted by me in Java Code Geeks with title

The Transient Keyword in Java and Its Use

I recently came a cross in a study project of one of my friends that are studding the basics of programming in Java some forgotten sensitive information printed in text files and remembered the transient keyword in Java.

The transient keyword in Java plays an important role in terms of security and can be very useful in “accidents” like the one above as it will prevent the transmission of sensitive information like for example passwords to files, JSON messages etc that will require serialization.

To cut the long story short, if you define any variable as transient, it will not be serialized unless you define it as static or final.

Lets see some examples bellow. Continue reading “The Transient Keyword in Java and Its Use”

Oracle’s Weblogic CVE-2019-2725 CRITICAL vulnerability allows spreading of sodinokibi ransomware

Malicious users are exploiting a vulnerability in Oracle WebLogic CVE-2019-2725 to install a ransomware called Sodinokibi.

Once executed, the Trojan creates the followoing file:
[PATH TO ENCRYPTED FILES]\[RANDOM EXTENSION]-HOW-TO-DECRYPT.txt and deletes Shadow Volume Copies and disables Windows startup repair.

Next, the Trojan encrypts files on the compromised server. The Trojan appends a random extension to encrypted files that is unique for each compromised computer and creates the a ransom note file in each folder containing encrypted files: [PATH TO ENCRYPTED FILES]\[RANDOM EXTENSION]-HOW-TO-DECRYPT.txt

The ransom note informs the user their files have been encrypted and provides instructions on how they may pay to have the files decrypted.

Unfortunately CVE-2019-2725 is very easy for attackers to exploit, as anyone with HTTP access to a WebLogic server could carry out an attack. Because of this, the bug has a CVSS v3.0 Base Score: 9.8 CRITICAL.

So how safe are you feeling when vising a Weblogic server app these days? :/

Apache NetBeans (incubating) 10.0 Released

nekobean the Apache Netbeans mascot

The Apache NetBeans proudly announced the release of Apache NetBeans (incubating) 10.0.

Finally the first Apache NetBeans incubating release with full support for Java SE, PHP and JavaScript development

You can download it here: https://netbeans.apache.org/download/nb100/nb100.html

Apache NetBeans (incubating) 10.0 constitutes all but the enterprise cluster in the Apache NetBeans Git repo, which together provide the NetBeans Platform (i.e., the underlying application framework), as well as all the modules that provide the Java SE, PHP, JavaScript and Groovy features of Apache NetBeans.

In short, Apache NetBeans (incubating) 10.0 is a full IDE for Java SE, PHP and JavaScript development with some Groovy language support.

New features of the 10.0 Release:

  • JDK 11 support
  • Miscellaneous Features
  • PHP

Continue reading “Apache NetBeans (incubating) 10.0 Released”

We are switching to ENGLISH

We decided to switch the blogs main language to english. Why?

Because programmers MUST know English!

To be able to act in a community or group we must able to share our ideas. Whether we like it or now English is the glue that ties all people together, hence we decided to adopt it here.

So sorry guys but we need to change 🙂

Apache Tomcat – Critical Remote Code Execution (RCE) vulnerability (CVE-2017-12617)

Η ομάδα του Apache Tomcat έχει πρόσφατα επιδιορθώσει πολλές ευπάθειες ασφάλειας. Μια από αυτές θα μπορούσε να επιτρέψει σε έναν μη εξουσιοδοτημένο εισβολέα να εκτελέσει από απόσταση κακόβουλο κώδικα σε επηρεαζόμενους διακομιστές.
Continue reading “Apache Tomcat – Critical Remote Code Execution (RCE) vulnerability (CVE-2017-12617)”

Java Quiz no1

Consider the following code

[code language=”java”]

public class JavaApplication4 {

/**
* @param args the command line arguments
*/
public static void main(String[] args) {

String testValue = "1";

try{
  testValue = "2";
return;
}catch(Exception e){

}finally{
testValue = "3";
}

}
}

[/code]

What will be the value of testValue at the end of execution?

Τα Java VM Options που πρέπει να ξέρεις τι κάνουν!

Είναι πάρα πολλές οι φορές που συναντώ στησίματα σε servers με JVM options και στην ερώτηση μου “γιατί είναι επιλεγμένα αυτά τα options?” η απάντηση είναι: “Γιατί το είχε πει ο “Θανάσης” “που ήξερε” ή “Τι να σου πω; έτσι το βρήκα και μου φάνηκε καλό”.

Αποφάσισα, λοιπόν, να γράψω αυτό το άρθρο, για να αναφέρω τις πιο συχνές παραμέτρους που χρησιμοποιώ εγώ για Java 6 μέχρι και 8, σε παραγωγικά και μη περιβάλλοντα.
Continue reading “Τα Java VM Options που πρέπει να ξέρεις τι κάνουν!”