“A Princeton University student has shed light on security flaws in Java and .Net virtual machines by using a lamp, some known properties of computer memory and a little luck.
An attack requires physical access to the computer, so the technique poses little threat to virtual machines running on PCs and servers. But it could be used to steal data from smart cards, asserts Sudhakar Govindavajhala, a computer-science graduate student at Princeton who demonstrated the procedure here Tuesday.
“There are smart cards that use Java that you could shine a light on, flip a bit and get access to the card’s data,” he said. Govindavajhala presented the paper at the Institute of Electrical and Electronic Engineers (IEEE) Symposium on Security and Privacy. CNET News