Few questions in My mind

[scatter]

Okay as I mentionned before am playing alot recently with java as I need in mobile apps dev but in the mean time I started having some ideas but well I want your opinions about because I can t find better advice or opinions in other places so here are my few questions ^_^

1) why only few malwares found on the wild are not coded in java? if they were coded in java the infection rate would be higher no?

2)what do you think of a malware that can hit everything? by everything I mean computers and mobile phones whatever the base system is ( windows, mac, linux, android etc) because Java can be ran on all of them

3) if such a malware is created, how can I make use of it to get a job in companies for example like VUPEN ( I think most people know that company and for those who maybe don t here it is http://www.vupen.com/english/" onclick="window.open(this.href);return false; )

[bad_brain]

hm, I think Java is not THAT attractive for malware coders (anymore) because it already has a very bad name...most people are wary about Java already (ok, except the ones that are wary about nothing), you can see that by the way how hard Windows for example makes it to run a simple java app in the browser.....for malware it's of course much "better" when the user doesn't have to click "agree" multiple times and allow firewall exceptions first.
on the other hand Java isn't THAT insecure, which makes it not THAT easy to create malware which promises a high infection rate...the sandbox environment idea is actually really good, the biggest problem is, as usual in IT, users being too lazy to keep their stuff up to date.

creating a cross-OS malware is surely possible, but for someone wanting to distribute malware it's simply not worth it because the needed effort would stand in no relation to the expected gain. Linux systems are still too secure because of their general user/permission architecture, and Macs are simply not widely used enough (at least in the non-mobile sector). so creating Windows-only malware is the most efficient way to get the most possible benefits with the least possible effort.

about the job perspective: of course it would be a very bad idea to release such malware into the wild and expecting to get a job through the gained "fame"....such stories are around, but they only look promising if you don't follow them through. for example: a german malware coder who created a lot of havoc (I think it was the Storm worm he created, don't really remember anymore though) got hired by a security company afterwards....but in the end the company went bankrupt really quick, because instead of the expected benefits by hiring "an insider" the customers jumped off the ship because they didn't wanted their sensitive data in the hands of a company that hires a criminal.
the legit way would be to inform the affected vendors and not to publish full disclosures until the flaws are officially fixed.
if the flaws you discovered are really fundamental you will surely get invitations to conferences for example....by fundamental I mean like "a flaw in a general OS architecture or protocol", things like "new flaw in a Wordpress plugin" are only interesting for max. 2 minutes.
you will also have to contribute constantly, a single release will never be enough for a future perspective....you simply have to make yourself a name, and this takes time and a lot of effort. you will also need a high tolerance for frustration, because many vendors or sites treat you like a criminal if you point out their security problems instead of being thankful.

[ayu]

Wrong category, moved to coding.

[scatter]

@b_b fact thx for the advice but there was a java malware before check this out
http://wickeddigital.blogspot.com/2014/ ... on-of.html" onclick="window.open(this.href);return false;

[scatter]

@cats am following the rules, I always post in pending submissions so you guys know later if it's accepted where to move it ^_^ sorry but I read well the rules and I still didn t have green light to put my posts in the section where I think they belong to :p so please do me a favor because most of my post r still in the pending submissions section and thx in advance

[bad_brain]

well, yeah, there have been plenty of Java flaws already, but actually just a few in latest builds....most (at least as far as I am aware of) were found in versions that were outdated already. I mean, look at the update frequency of Java, there is an update every couple of months...which is also pointing to most flaws found in older versions.

oh, and the pending submissions usually stay there until they have a looong white beard, so I might start moving some now...

P.S.
ok, I have moved some posts from the "pending submissions" board now. please notice that this board is more for tuts you have written yourself, tuts by others which only contain a link to the source for example fit better to the "Links" board....if your intention is to start a discussion about the general topic of the linked tut it should go to the appropriate board for the topic itself (like the "hacking" or "coding" boards)...

[DNR]

Cats is correct, this is a topic for discussion, belonging in Coding section.

Submissions should be for finished, proofread articles of knowledge waiting to be approved by senior members.

DNR