back to article Surprised? Old Java exploit helped spread Red October spyware

Unpatched Java installations may have helped spread the malware responsible for the recently uncovered "Red October" cyber-spying campaign, researchers at Seculert have revealed. Kaspersky Labs first disclosed the existence of Red October on Monday, claiming that the program had been responsible for attacks on systems in Eastern …

COMMENTS

This topic is closed for new posts.
Silver badge
Unhappy

I wish

I was smart enough to develop a website with all the usefulness and functionality of a site coded with html, css, ajax, javascript and php in html, css and php only.....

One that would satisfy the expectations of the consumer user.

0
2
Meh

Re: I wish

BTW this is about Java, not javascript.

1
0
Thumb Up

Re: I wish

hahaha..I wish you was smart enough to read.

0
0
Unhappy

And the company I work for still resolutely refuses to remove Java from internal systems and from the systems we sell to our customers.

X <-- Bang head here.

0
0
MrT
Bronze badge

Shouldn't that be...

X X

\/

...bang head*s* here, Zaphod, cool frood?

6
0
Silver badge
Headmaster

> refuses to remove Java

> not even talking about the plugin

Maybe you are not entirely sure what you talking about, son?

1
0
Alien

Re: Shouldn't that be...

Zarquon man, you have a point!

1
0

"SURPRISED? OLD JAVA EXPLOIT HELPED SPREAD RED OCTOBER SPYWARE"

No.

0
0
Anonymous Coward

inconvenient information omitted?

I guess that the fact that the fix to the latest zero day that was mentioned being available over the weekend would have been counter to the authors assertion that oracle is slow to release java fixes, so it was conveniently omitted?

0
0

Java in and of itself is not the problem

Once again, the problem is people running untrusted code in a trusted environment, even if it's accidentally. You don't run client side code unless you know the source. Java applications are no more inherently dangerous than applications written in any other language. The same risks apply to running Javascript, ActiveX, VBS, or any other client side code within a browser.

0
0
Silver badge

Re: Java in and of itself is not the problem

> the problem is people running untrusted code in a trusted environment,

That's the point - the java plugin is meant to be sandboxed - it's due to bugs that programs escape the sandbox,

Similarly, all the others are meant to be restricted in what they can do, or again, sandboxed from the main system

0
0
Anonymous Coward

"Java applications are no more inherently dangerous than applications written in any other language"

Good luck telling that one to an applet busy shitting on your browser.

0
1
This topic is closed for new posts.

Forums