The Lights Are On, but No One's Home

When Sudhakar Govindavajhala, a Princeton graduate student from Bangalore, presented a paper on JVM security at the 2003 IEEE Symposium on Security and Privacy, the press naturally took notice. The ink is still wet on stories of how Muhammad Danka took only a few minutes to find a technique that let him reset the password of any Microsoft Passport account - www.siliconvalley.com/mld/siliconvalley/5822963.htm.

College students seem to be particularly adept at hacking, and CNET duly reported the Princeton work under the headline "New hacking tool sees the light," http://news.com.com/2100-1009_3-1001406.html.

What Govindavajhala did was to create a Java applet with two classes, A and B (www.cs.princeton.edu/~sudhakar/papers/memerr.pdf). The program creates a single instance of A and fills the remainder of the heap with instances of B, each of whose reference fields points to that singleton A. A and B are laid out so that the space each occupies in the JVM (object header included) is a power of 2, which means every object sits at an address that is a multiple of its size. If a single bit flips in one of B's pointers to A, the corrupted pointer will, with high probability, be the base address of some other B object rather than an address inside an object or outside the heap. The program then holds a reference whose static type is A but which actually refers to a B: two differently typed references to the same object, which is the type confusion the paper builds on.
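
The heap geometry in that paragraph is easier to see in a model than in prose. The following Python simulation is an added example, not the paper's applet or any code from this article. It assumes a 32-bit JVM, a 64 MiB heap at an assumed base address, a two-word object header, and B objects that hold five references to A plus one int; all of these values are assumptions, not numbers from the paper. It flips every bit of one B object in turn and classifies where the corrupted word points. Comparing a 32-byte B with a 24-byte one shows why the power-of-2 size matters: only when the size is a power of two does flipping a high-order address bit land exactly on another object's base.

```python
"""Heap-geometry model of the Govindavajhala/Appel applet (constructed example).

Assumptions, none of them from the article: a 32-bit JVM; a heap of HEAP_SIZE
bytes starting at HEAP_BASE; one A object at the start of the heap, the rest
filled with B objects of obj_size bytes each, header included; every B has
HEADER_WORDS words of header, then ptr_words reference fields that all point
to the single A, then non-reference data (ints, padding) up to obj_size.
We flip each bit of one B object once and classify where the corrupted word
points. A reference of static type A that now points at the base of a B is
the outcome the attack needs: two differently typed references to one object.
"""
from collections import Counter

WORD_BYTES = 4                      # 32-bit JVM: references are 4 bytes
WORD_BITS = 8 * WORD_BYTES
HEADER_WORDS = 2                    # mark word + class pointer (assumed layout)
NUM_PTR_FIELDS = 5                  # reference fields in B, all pointing to A
HEAP_BASE = 0x0800_0000             # assumed heap start; A lives here
HEAP_SIZE = 64 * 1024 * 1024        # assumed 64 MiB heap
ADDR_A = HEAP_BASE                  # every B reference field stores this value


def classify(addr, obj_size):
    """Say what a (possibly corrupted) reference value points at."""
    if addr == ADDR_A:
        return "still A"              # harmless: static type still matches
    if not HEAP_BASE <= addr < HEAP_BASE + HEAP_SIZE:
        return "outside heap"         # dereference faults or the GC dies
    if (addr - HEAP_BASE) % obj_size == 0:
        return "B base"               # the type confusion the paper exploits
    return "interior"                 # middle of an object: JVM/GC corruption


def flip_distribution(obj_size, ptr_words=NUM_PTR_FIELDS):
    """Flip every bit of one B object once and tally the outcomes."""
    if obj_size < WORD_BYTES * (HEADER_WORDS + ptr_words):
        raise ValueError("object too small for header plus reference fields")
    counts = Counter()
    for bit in range(8 * obj_size):
        word = bit // WORD_BITS
        if word < HEADER_WORDS:
            counts["header"] += 1                  # not a reference field
        elif word < HEADER_WORDS + ptr_words:
            corrupted = ADDR_A ^ (1 << (bit % WORD_BITS))
            counts[classify(corrupted, obj_size)] += 1
        else:
            counts["non-reference data"] += 1      # int field / padding
    return counts


def exploitable_fraction(obj_size, ptr_words=NUM_PTR_FIELDS):
    """Share of all single-bit flips in one B that yield an A-typed ref to a B."""
    counts = flip_distribution(obj_size, ptr_words)
    return counts["B base"] / (8 * obj_size)


def is_power_of_two(n):
    return n > 0 and n & (n - 1) == 0


if __name__ == "__main__":
    # 32-byte B (2 header words + 5 refs + 1 int) is a power of two;
    # 24-byte B (2 header words + 3 refs + 1 int) is not.
    for size, ptrs in ((32, 5), (24, 3)):
        dist = flip_distribution(size, ptrs)
        print(f"obj_size={size} (power of two: {is_power_of_two(size)})")
        for outcome, n in sorted(dist.items()):
            print(f"  {outcome:20s} {n:4d} of {8 * size} bit positions")
        print(f"  exploitable fraction: {exploitable_fraction(size, ptrs):.3f}")
```

Under these assumptions the 32-byte layout turns 105 of the 256 bit positions in a B object (21 of the 32 bits in each of its five reference words) into an A-typed reference to some B; the remaining flips hit the header or int field, land mid-object, or leave the heap. With a 24-byte B, no single-bit flip of A's address is a multiple of 24 away from it, so not one flip produces a usable reference, which is the whole reason the paper sizes its objects as it does.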

It's hard to see how this corrupted heap is anything more than an academic "so what?" However, the paper assures us that it can be used to read and write arbitrary JVM memory and therefore poses a security threat. Giving the benefit of the doubt on that point, how is this bit flip going to occur on the PC where the attack applet is lurking?

One method described is to rely on chance: when a cosmic ray strikes the RAM holding the JVM, random bit flips can occur. Not content to wait for that, the paper describes how to take apart a smoke detector to obtain a source of alpha particles, or to use high-energy protons from a particle accelerator, although the favored technique is heat. The "researchers" opened the back of their PC and shone a 50-watt light bulb onto the memory chips. "As we were fine-tuning this experiment, we found that introducing large numbers of memory errors would often cause the operating system not only to crash, but to corrupt the disk-resident software so that reboot was impossible without reinstallation of the operating system." This is some kind of research euphemism for "Instead of our perfectly engineered single bit flip, we kept frying the hard drive by mistake."

Not content with the unfortunate experimental side effect of frazzling their disk, the authors then go on to describe how a real attacker would not have the luxury of opening the box anyway, and how for a desktop PC "the attacker would have to heat the entire box in an oven." Remember readers, the attacker is trying to just flip a single bit in the JVM heap containing his string of B objects, and he's just put your PC into an oven. What happens if he overcooks it and your prized 3GHz Pentium comes out well done rather than rare? This is covered with the superb understatement, "We don't know whether the memory would become unreliable before other components failed," or in other words "If your PC gets turned to toast, it's all in the name of scientific progress."

When questioned by CIOL, www.ciol.com/content/developer/2003/103051401.asp, Govindavajhala stated, "Now, in India, some places go to 50°C in the summer. Probably bits are already flipping in my homeland. Now, all I need to do to take over a good number of machines in India is to put this applet up on my Web page and wait for hits from India in summer. Computers of a billion people are at stake."

Perhaps after spending too long in the sun himself, it's not only the PC's bits that have flipped. What's next for the IEEE: "Security Flaw: Monkeys with Typewriters Break 128-bit Encryption"?

JDJ News Desk monitors the world of Java to present IT professionals with updates on technology advances, business trends, new products and standards in the Java and i-technology space.

Most Recent Comments
Andy Schwarz 07/07/03 10:39:00 PM EDT

The point of the article is that if you have some control over the JVM (running your applet) as well as the physical machine (think a smart card), then you can break into other applets/their memory. I think this was featured in last month's Schneier Crypto-Gram.