Java exploit

Generic discussions with the emphasis on technology
Post Reply
gaoesa
Site Admin
Posts: 1520
her blog
Joined: 05 Apr 2010, 15:02
Location: Finland
Contact:

Java exploit

Post by gaoesa »

http://blog.mozilla.org/security/2013/0 ... erability/

The issue concerns all platforms. It has not been fixed even if you hear anything contradictory from somewhere. The current recommended fix is on the user level and to disable Java unless when needed and you trust the software you intend to run with it.
He hoped and prayed that there wasn't an afterlife. Then he realized there was a contradiction involved here and merely hoped that there wasn't an afterlife.
- Douglas Adams

silEnT development
http://mygamingtalk.com/
User avatar
gR!ns
Posts: 500
Joined: 10 Mar 2012, 09:28
Location: 2nd reality

Re: Java exploit

Post by gR!ns »

Java has these problems time to time. To be honest, it's one pain in the ass and fixes comes very late.
User avatar
Salmiakki
Posts: 22
Joined: 10 Oct 2012, 17:36
Location: Manse

Re: Java exploit

Post by Salmiakki »

gR!ns wrote:Java has these problems time to time. To be honest, it's one pain in the ass and fixes comes very late.
I think it's mostly marketing (a lot of companies have the agenda of seeing Java dead). There are plenty of 0-day exploits for IE, Chrome (and even Android, etc) and yet nobody is on the war-path because it takes weeks/months to the next release (which most people don't upgrade to on their own anyway).
gaoesa
Site Admin
Posts: 1520
Joined: 05 Apr 2010, 15:02
Location: Finland
Contact:

Re: Java exploit

Post by gaoesa »

The exploit is real anyway. http://www.cert.fi/tietoturvanyt/2013/0 ... 81328.html

Sorry for Finnish, I don't know English websites that well to find good independent reviews. Here's the translation http://translate.google.fi/translate?sl ... ml&act=url
There are plenty of 0-day exploits for IE, Chrome (and even Android, etc) and yet nobody is on the war-path because it takes weeks/months to the next release (which most people don't upgrade to on their own anyway)
I think you are wrong about this. I think most people know Android has very weak security but still they don't care about that. I'm not familiar with Chrome because I don't use it and never plan to use it. IE is a Microsoft product and that if any has been constantly under pun.
He hoped and prayed that there wasn't an afterlife. Then he realized there was a contradiction involved here and merely hoped that there wasn't an afterlife.
- Douglas Adams

silEnT development
http://mygamingtalk.com/
User avatar
Salmiakki
Posts: 22
Joined: 10 Oct 2012, 17:36
Location: Manse

Re: Java exploit

Post by Salmiakki »

gaoesa wrote:The exploit is real anyway. http://www.cert.fi/tietoturvanyt/2013/0 ... 81328.html

Sorry for Finnish, I don't know English websites that well to find good independent reviews. Here's the translation http://translate.google.fi/translate?sl ... ml&act=url
Yes, I didn't mean that there are no exploits - no software that complex is immune to it, just thought the handling of it ("java is dangerous") is due to business interests, and not based on a real threat level.
There are plenty of 0-day exploits for IE, Chrome (and even Android, etc) and yet nobody is on the war-path because it takes weeks/months to the next release (which most people don't upgrade to on their own anyway)
I think you are wrong about this. I think most people know Android has very weak security but still they don't care about that. I'm not familiar with Chrome because I don't use it and never plan to use it. IE is a Microsoft product and that if any has been constantly under pun.
I would disagree. Very few people (of the over one billion who have it) know anything about security on Android (whether that itself is because they don't care in the first place is another issue). I have left out Firefox and Opera (and Safari and other browsers...) in my browser list above not because they are safer, but because they have a smaller install base, and thus less crackers focusing on finding exploits in them. Ditto for Windows - how (objectively) safe it is matters little, as the largest user install-base it's the prime attack target and bound to have the most exploits in the wild.
gaoesa
Site Admin
Posts: 1520
Joined: 05 Apr 2010, 15:02
Location: Finland
Contact:

Re: Java exploit

Post by gaoesa »

nobody is on the war-path
This is what I actually meant to quote.
Very few people (of the over one billion who have it) know anything about security on Android
This can be true. I was just reflecting my own experiences of reading about these vulnerabilities.
He hoped and prayed that there wasn't an afterlife. Then he realized there was a contradiction involved here and merely hoped that there wasn't an afterlife.
- Douglas Adams

silEnT development
http://mygamingtalk.com/
Post Reply