Himalia Enemy Territory Gaming Community

http://blog.mozilla.org/security/2013/0 ... erability/

The issue concerns all platforms. It has not been fixed even if you hear anything contradictory from somewhere. The current recommended fix is on the user level and to disable Java unless when needed and you trust the software you intend to run with it.

Java has these problems time to time. To be honest, it's one pain in the ass and fixes comes very late.

gR!ns wrote:Java has these problems time to time. To be honest, it's one pain in the ass and fixes comes very late.

I think it's mostly marketing (a lot of companies have the agenda of seeing Java dead). There are plenty of 0-day exploits for IE, Chrome (and even Android, etc) and yet nobody is on the war-path because it takes weeks/months to the next release (which most people don't upgrade to on their own anyway).

The exploit is real anyway. http://www.cert.fi/tietoturvanyt/2013/0 ... 81328.html

Sorry for Finnish, I don't know English websites that well to find good independent reviews. Here's the translation http://translate.google.fi/translate?sl ... ml&act=url

There are plenty of 0-day exploits for IE, Chrome (and even Android, etc) and yet nobody is on the war-path because it takes weeks/months to the next release (which most people don't upgrade to on their own anyway)

I think you are wrong about this. I think most people know Android has very weak security but still they don't care about that. I'm not familiar with Chrome because I don't use it and never plan to use it. IE is a Microsoft product and that if any has been constantly under pun.

gaoesa wrote:The exploit is real anyway. http://www.cert.fi/tietoturvanyt/2013/0 ... 81328.html

Sorry for Finnish, I don't know English websites that well to find good independent reviews. Here's the translation http://translate.google.fi/translate?sl ... ml&act=url

Yes, I didn't mean that there are no exploits - no software that complex is immune to it, just thought the handling of it ("java is dangerous") is due to business interests, and not based on a real threat level.

There are plenty of 0-day exploits for IE, Chrome (and even Android, etc) and yet nobody is on the war-path because it takes weeks/months to the next release (which most people don't upgrade to on their own anyway)

I think you are wrong about this. I think most people know Android has very weak security but still they don't care about that. I'm not familiar with Chrome because I don't use it and never plan to use it. IE is a Microsoft product and that if any has been constantly under pun.

I would disagree. Very few people (of the over one billion who have it) know anything about security on Android (whether that itself is because they don't care in the first place is another issue). I have left out Firefox and Opera (and Safari and other browsers...) in my browser list above not because they are safer, but because they have a smaller install base, and thus less crackers focusing on finding exploits in them. Ditto for Windows - how (objectively) safe it is matters little, as the largest user install-base it's the prime attack target and bound to have the most exploits in the wild.

nobody is on the war-path

This is what I actually meant to quote.

Very few people (of the over one billion who have it) know anything about security on Android

This can be true. I was just reflecting my own experiences of reading about these vulnerabilities.