
Insecure Serialization/Deserialization

Name: Anonymous 2018-11-01 12:28

Serialization: object state to byte stream, i.e. something in RAM being saved to disk.
Deserialization: byte stream to object state, as in something being loaded from a file and then being put into RAM.

I've vaguely heard of attacks relating to serialization/deserialization. Do you know anything about them?
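An added illustration, not part of the thread, of what the first post is asking about: a Python pickle stream carries references to classes and functions by name, and the stock loader resolves whatever the stream names, so the usual mitigation is a loader that only reconstructs an explicit allow-list. The Session class, SAFE_CLASSES and the sample streams are constructed for this example.

```python
import io
import os
import pickle

class Session:
    """Hypothetical application class that the loader should reconstruct."""

    def __init__(self, user):
        self.user = user

# Allow-list of (module, qualname) pairs the loader may resolve from a stream.
SAFE_CLASSES = {(Session.__module__, Session.__qualname__)}

class RestrictedUnpickler(pickle.Unpickler):
    # find_class runs for every global reference in the stream; the stock
    # Unpickler resolves whatever module.name the stream names.
    def find_class(self, module, name):
        if (module, name) in SAFE_CLASSES:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")

def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()

# Constructed sample streams: a plain record, an allowed class, and a stream
# naming a function outside the allow-list (harmless here, but the stock
# loader resolves it without asking).
BENIGN_RECORD = pickle.dumps({"user": "alice", "roles": ["reader"]})
BENIGN_SESSION = pickle.dumps(Session("alice"))
UNTRUSTED_GLOBAL = pickle.dumps(os.getcwd)

def load_trusted_shapes():
    """Both allowed streams load; returns (record, session.user)."""
    record = restricted_loads(BENIGN_RECORD)
    return record, restricted_loads(BENIGN_SESSION).user

def stream_is_rejected(data: bytes) -> bool:
    """True when the restricted loader refuses the stream."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False

def stock_loader_resolves_global() -> bool:
    """The unrestricted loader hands back the referenced function object."""
    return pickle.loads(UNTRUSTED_GLOBAL) is os.getcwd
```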

Name: Anonymous 2018-11-01 12:37

Possible with a vulnerable serializer.

Name: Anonymous 2018-11-01 12:38

>>2
What makes a serializer vulnerable?

Name: Anonymous 2018-11-01 12:51

A vulnerability in the code.

Name: Anonymous 2018-11-01 14:44

>>4
gee, thanks, genius

Name: Anonymous 2018-11-01 17:50

GPUs having DMA. Good times, good times.

Name: Anonymous 2018-11-01 18:05

>>6
How is that relevant?

Name: Anonymous 2018-11-01 19:39

>>7
Hmm, let's see... a separate processor with direct RAM access. Nope, totally irrelevant.

Name: Anonymous 2018-11-01 20:02

>>8
ok buddy, but you still need to load stuff to and from files (or network sessions, because those can provide byte streams too); not everything is stored in RAM forever, it's volatile,
and a lot of server-related deserialization stuff has nothing to do with GPUs.
