While data can be a valuable target and will probably be the goal as this exploit matures, it is not the only goal this exploit is being used for. A common payload for this currently is a cryptominer. It's also being used to create nodes on a botnet. Compute power and network bandwidth have value also.


On Wed, 2021-12-15 at 06:38 -0700, Charles Wilt wrote:
Correct...

I suspect that on a perfectly configured system, with a properly configured
object authority scheme in place the amount of damage would be limited.

I also suspect, very few such systems exist. :/

Even if the Java app isn't running under a profile with special
authorities, in my experience it's likely running under a profile that's
used by multiple apps. Thus increasing the amount of data exposed.

Charles


On Tue, Dec 14, 2021 at 11:16 PM Peter Dow <petercdow@xxxxxxxxx> wrote:

Charles,

Wouldn't they need authority to do something like DLTLIB *ALL?

I mean they may not need credentials, but wouldn't it inherit the
authorities of whatever context the Java app is in?


Kevin Bucknum

Senior Programmer Analyst

MEDDATA / MEDTRON

120 Innwood Drive
Covington LA 70433
Local: 985-893-2550
Toll Free: 877-893-2550
https://www.medtronsoftware.com



This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.
