Surprised? Old Java exploit helped spread Red October spyware
Unpatched Java installations may have helped spread the malware responsible for the recently uncovered "Red October" cyber-spying campaign, researchers at Seculert have revealed. Kaspersky Labs first disclosed the existence of Red October on Monday, claiming that the program had been responsible for attacks on systems in Eastern …
I wish
I was smart enough to develop a website with all the usefulness and functionality of a site coded with html, css, ajax, javascript and php in html, css and php only.....
One that would satisfy the expectations of the consumer user.
And the company I work for still resolutely refuses to remove Java from internal systems and from the systems we sell to our customers.
X <-- Bang head here.
Shouldn't that be...
X X
\/
...bang head*s* here, Zaphod, cool frood?
> refuses to remove Java
> not even talking about the plugin
Maybe you are not entirely sure what you are talking about, son?
"SURPRISED? OLD JAVA EXPLOIT HELPED SPREAD RED OCTOBER SPYWARE"
No.
inconvenient information omitted?
I guess that the fact that the fix to the latest zero day that was mentioned being available over the weekend would have been counter to the author's assertion that Oracle is slow to release Java fixes, so it was conveniently omitted?
Java in and of itself is not the problem
Once again, the problem is people running untrusted code in a trusted environment, even if it's accidental. You don't run client side code unless you know the source. Java applications are no more inherently dangerous than applications written in any other language. The same risks apply to running JavaScript, ActiveX, VBS, or any other client side code within a browser.
Re: Java in and of itself is not the problem
> the problem is people running untrusted code in a trusted environment,
That's the point - the Java plugin is meant to be sandboxed - it's due to bugs that programs escape the sandbox.
Similarly, all the others are meant to be restricted in what they can do, or again, sandboxed from the main system.
"Java applications are no more inherently dangerous than applications written in any other language"
Good luck telling that one to an applet busy shitting on your browser.
