Steeling Against Web Attacks

By Peter Coffee  |  Posted 2002-03-25 Print this article Print

When last week's eWeek featured my story about Java's proven security, I should have known that the same week would see a conspicuous new announcement of a Java-related vulnerability.

Sometimes, I get what I deserve, but most of the time, thats not what I want. When last weeks eWeek featured my story about Javas proven security, based on more than six years of practical trial and theoretical refinement, I should have known that the same week would see a conspicuous new announcement of a Java-related vulnerability (documented by the discoverer, which can be found via

I deserved that comeuppance because I never included in that story the three magic words that have to be used to placate the gods that rule over software security discussions. That incantation, which we forget at our extreme peril, is "when implemented correctly."

Imperfection isnt immediately fatal when we work with relatively forgiving materials. I have fond memories of the steel and concrete labs in the basement of Building 1. For the most part, those materials derive their strength from bulk properties, with fairly high resistance to point defects.

The reason we reinforce concrete with steel bars is because concrete holds up well in compression but fails suddenly and catastrophically in tension with the first tiny crack. Adding steel gives the combination a ductile failure mode, one that stretches before it gives way completely. Software doesnt have that much-needed feature: Its first crack, so to speak, brings down the entire structure.

If we cant make software behave in a way that warns us when its overstressed, we have to provide redundant strength: We have to encrypt our data traffic so that a man-in-the-middle attack doesnt intercept clear-text transmissions. We have to create, and use, least-privilege accounts for even our single-user machines, instead of merely logging in as Administrator because its the easiest way to get full access to the machine: The privileges you have can be hijacked by malicious code, so why give yourself any privileges that you wont actually need that day? Users who had both of these good habits could treat last weeks Java discoveries as someone elses problem.

People ask me why Sun and Microsoft, normally at each others throats, issued joint announcements of these vulnerabilities. Sun depends on the credibility of Java, and Microsoft on the credibility of Internet Explorer, and this incident occurred at their intersection. For once, keeping the user comfortable came first.

Tell me about other mixed blessings at

Peter Coffee is Director of Platform Research at, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues.Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel