
Critical Apache ActiveMQ flaw under attack by 'clumsy' ransomware crims

Androgynous Cupboard

Oh dear, let me guess: Apache are using Java Serialization, then sending the serialized data over the wire?

Java Coders of the world, listen to me! Java Serialization is not a wire format! It's insecure, hard to debug, Java-specific and not portable over time (change your class signature, and it will no longer deserialize). Use CBOR or something you can actually inspect.
