• Welcome! The TrekBBS is the number one place to chat about Star Trek with like-minded fans.
    If you are not already a member then please register an account and join in the discussion!

Java security warning

Gary7

Vice Admiral
Admiral
So apparently our faithful Department of Homeland Security is more skilled at Java threat detection than Oracle?

Homeland Security urges computer users to disable Java

Kind of surprising that Oracle didn't make an urgent press release over AP ahead of them.

Anyway, this isn't the first time it has happened. But it's rather unnerving when reading about the level of compromise it may entail.
 
Hmm...more reason for me to hate Java than I already do.

Not surprising Oracle didn't announce this right away. They inherited it from Sun when they bought them, so they probably A) didn't bother to check and, therefore, didn't know about it right away and/or B) don't feel like they have as much ownership over it as, say, their database software, much in the way they treated PeopleSoft right after purchasing them (still don't know why they did that - I worked with PeopleSoft for 3 years and it was pure shit). Either way, I don't think would look good to their shareholders, so there may have been wishful thinking on their part that it would have gone undiscovered if they had known about it all along.

I am surprised that DHS found this, though, and not some kind of independent IT watchdog group. But since there is a veritable ass-ton of stuff written in Java everywhere, particularly within gov't circles, they probably felt it was worthy of a second, unbiased look. Surprise! :D

So glad this bird is finally coming home to roost. I hated Java when I first experienced it back in the 90's and I still think it's an over-engineered monstrosity.
 
^ Then I take it you hate Windows when a particularly destructive virus appears on the scene and foils a number of anti-virus programs before it can be stopped?

Java works and is actually much more powerful than most other languages used to write web enabled applications. Yes, it's not perfect and it got off to a rather rocky start (the garbage collection fiasco was ridiculous), in addition to it being utilized incorrectly. Peoplesoft should not have moved to Java then--it was seriously premature. So that gave Java a black eye, because Sun Microsystems should have discouraged Peoplesoft for being a guinea pig.

So, no bird has come to roost. A security flaw was uncovered BEFORE malware could be written to take advantage of it. But given the flavor of your wording, you've got a vendetta against the language and just can't wait for the next flaw to appear.
 
Does this flaw also affect Android phones, since Android basically is Java with a few hacks thrown in?
 
^ Then I take it you hate Windows when a particularly destructive virus appears on the scene and foils a number of anti-virus programs before it can be stopped?

No, but I do hate Windows in general for reasons far too numerous to count and I hope the new Windows 8 by Fisher Price buries it once and for all.

Java works and is actually much more powerful than most other languages used to write web enabled applications. Yes, it's not perfect and it got off to a rather rocky start (the garbage collection fiasco was ridiculous), in addition to it being utilized incorrectly. Peoplesoft should not have moved to Java then--it was seriously premature. So that gave Java a black eye, because Sun Microsystems should have discouraged Peoplesoft for being a guinea pig.

So, no bird has come to roost. A security flaw was uncovered BEFORE malware could be written to take advantage of it. But given the flavor of your wording, you've got a vendetta against the language and just can't wait for the next flaw to appear.
No vendetta, just bad experiences from...well...experience.

As a side note, this thread probably belongs more in either Science and Technology or Web Sites/Design.
 
Last edited:
Does this flaw also affect Android phones, since Android basically is Java with a few hacks thrown in?

It is a flaw only in Oracle implementations of Java, so those would be the Java 7 runtimes on Windows, Linux, and Mac. Since Android's Dalvik is a proprietary reimplementation, the same vulnerability is not present.
 
If you are not already a member then please register an account and join in the discussion!

Sign up / Register


Back
Top