

Oleg
Premium
join:2003-12-08
Birmingham, AL
kudos:2

1 recommendation

Oracle's Latest Java Update Comes With Security Holes

Security Explorations has found two bugs in the latest version of Java that can be combined to bypass its sandbox—a finding that comes on the heels of reports earlier this week that Oracle's recent update did not fully address a security flaw.
»www.eweek.com/security/oracles-l···ers-say/



jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
USA
kudos:24

Shoot!



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

4 recommendations

reply to Oleg

I'm surprised.
Is Homer head of the security team?

PrntRhd
Premium
join:2004-11-03
Fairfield, CA
reply to Oleg

Patches don't completely fix things; this was expected, as the underlying flaw is still there. Patches just mask the flaw for a while, until someone finds a way to get past the patches.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Oleg

These are not necessarily chronological and may exist in other threads on Oracle | Java.

Oracle's Java Fix Fizzles
• »www.technewsworld.com/story/Orac···079.html
Java 7 update 11 security patch fixes nothing
• »betanews.com/2013/01/14/java-7-u···nothing/
$5,000 will buy you access to another, new critical Java vulnerability
• »arstechnica.com/security/2013/01···ability/
Post-patch, US-CERT continues call to disable Java plug-in
• »www.networkworld.com/news/2013/0···880.html
New Java zero-day attack offered for $5K on black market
• »venturebeat.com/2013/01/16/java-zero-day/
It's Time to Banish Java from Your Computer
• »blogs.cio.com/security/17700/its···computer
Malware poses as an update for Java 0-day fix
• »blog.trendmicro.com/trendlabs-se···day-fix/
How to use Java - if you must
• »blog.trendmicro.com/trendlabs-se···ou-must/

--
Underground parking for Hades



owlyn
Premium,MVM
join:2004-06-05
Newtown, PA
reply to Oleg

gee what a surprise



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
reply to Oleg

While it's still perhaps premature to write off Java's future, there's a lot of bad press piling up fast for Oracle. And before one can hope to pull out of an uncontrolled descent, one has to correct the cause of the flat spin that precipitated the descent in the first place. A number of experts assert Java contains multiple security flaws, some or many of them latent - that is, as yet unexploited. Unless Oracle gets its arms seriously around the architectural or coding pattern-flaw issues underlying essentially all of these, the 'flat spin' and the descent will continue. They can't really afford any more announcements along the lines of DHS's last one before a mad rush for the exits begins in earnest (if it hasn't already). Trying to kill off these exploited holes one embarrassing, semi-effective patch at a time can only end with Java's ultimate impact with some very hard ground.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


PrntRhd
Premium
join:2004-11-03
Fairfield, CA

1 recommendation

+1
The only real fix is to write a new version without the current flaws.
Or really good patches, which have not worked for Oracle so far.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Oleg

A close look at how Oracle installs deceptive software with Java updates
• »www.zdnet.com/a-close-look-at-ho···0010038/

How Java dumps useless add-ons and toolbars on PC users
Java is the newly crowned "king of foistware."
• »arstechnica.com/information-tech···c-users/



Oleg
Premium
join:2003-12-08
Birmingham, AL
kudos:2

Nothing new here. There are a lot of software products that come with crapware built into the installer, like Foxit Reader or even CCleaner. Not many people know that there is a clean version of CCleaner up there. When you visit the main page of CCleaner there is no URL pointing to the slim version. If you are asking why, it is because Piriform does not want you to know about it so they can make money off toolbar installations!



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

+ 1 & ongoing threads worth a mention and read:
»Java is still exploitable and is likely going to remain so..
»Feds warn PC users to disable Java



FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

1 recommendation

reply to siljaline

said by siljaline:

A close look at how Oracle installs deceptive software with Java updates
• »www.zdnet.com/a-close-look-at-ho···0010038/

How Java dumps useless add-ons and toolbars on PC users
Java is the newly crowned "king of foistware."
• »arstechnica.com/information-tech···c-users/

There is no doubt Oracle is one of the absolute scummiest software companies on earth.
--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.

slajoh01

join:2005-04-23

4 edits

Here is perhaps one way to eliminate Java. But this may sound silly.

We have to convince programmers and website designers to write their code without Java requirements.
If we want to eliminate Java totally without having to worry about its security flaws each time, then programmers have to realize that writing code that requires Java would be chaos... and website designers also.
Many businesses, such as banking, use Java. Like I said, re-program the application code or content, which would eliminate the need for Java.

I'm not a programmer myself and know nothing about it, but this is what I think.
And of course, this all won't happen overnight...

Oracle has degraded itself... You know why? All because of OUTSOURCING... That's your answer, buddy...
Oracle was great back in the day. But now with this outsourcing stuff, they really messed things up.
And I'm not only speaking for Java, other things as well, which I don't want to be off topic here...