Nasty nuke-lab data-slurper EVOLVES, now feeds off new Java hole

A piece of malware linked to attacks against governments and organisations involved in hi-tech industries such as space exploration and nuclear power has been adapted to exploit a recently uncovered Java security flaw. NetTraveler has been outfitted to exploit a recently patched Java bug as part of a watering-hole-style attack …

COMMENTS

This topic is closed for new posts.
Gold badge
Unhappy

Another good reason to either not install or disable Java?

If you don't need it you don't want it.

6
1
Anonymous Coward

Java?

Just like Flash, enterprise systems should not be running Java for anything. Bloated, slow, full of security holes and the applications you get are written by little more than overpaid script-kiddies.

I know, I've checked the code that comes through from potential suppliers. The absolute basics (such as message validation on a public interface) are left out and it's possible to blow the entire system up because of this. And then we get to the spelling mistakes in the message structures for systems that apparently passed QA. Seriously.

"Java programmers". Pfft. Try "Pretend programmers"; it's closer to the mark.

2
6
Anonymous Coward

enterprise systems should not be running Java for anything

Try telling that to IBM, EMC and Dell.. half of their management systems are written in Java, so Enterprises have little alternative but to use it!

4
0
Anonymous Coward

Re: enterprise systems should not be running Java for anything

People still buy from EMC (excluding VMware and hardware for the moment) and Dell?

IBM, at least, still has some proper programmers.

And there is always an alternative: "I'm sorry, Java is a security risk I am not willing to take and for that price I'd prefer that the software was written by professionals".

0
0

Re: enterprise systems should not be running Java for anything

Well, if not Java, what programming language and framework do you use then?

0
0
Anonymous Coward

Re: Java?

While I don't doubt your analysis of the code, the sad truth is that too many vendors write too much code that requires Java. And all too often the front end is a browser.

In the case of the people I have to support it gets worse. The programs using it are mandated by government policy and are used by the accounting department for handling money. And yes, one of them requires not just a browser, but IE8. Oh, Firefox and Chrome will probably run the code but ask for support from the dev team when something isn't working and they'll tell you they only support IE8.

0
0
Anonymous Coward

Re: enterprise systems should not be running Java for anything

That would all depend on what the software is supposed to do. Any properly trained programmer (i.e. cut their teeth in C) can code in just about any language.

For a simple web app? Python or similar would do.

Business logic? C#.

A client application? C# again or Objective C (if on a Mac).

For prodding hardware? Assembler, C or C++.

Super-whizzo web GUIs with HTML5/CSS3 shenanigans? Various bits of JQuery for the UI, backed by ASP.net and C# business logic.

There is no need to degrade systems with Java.

1
1
Anonymous Coward

Re: Java?

"Oh, Firefox and Chrome will probably run the code but ask for support from the dev team when something isn't working and they'll tell you they only support IE8."

That's not a dev team - that's script kiddies. Hire professionals.

1
0

This post has been deleted by its author

Bronze badge

Re: Java?

"Java programmers". Pfft. Try "Pretend programmers"; it's closer to the mark.

Steady on. You'll be telling us they eat quiche next!

1
0
Bronze badge
Paris Hilton

Re: enterprise systems should not be running Java for anything

So.. what do you recommend for business logic or "Super-whizzo web GUIs with HTML5/CSS3 shenanigans" if being rolled out in a *NIX environment? Mono?

Don't get me wrong: I am not a fan of Java, the language is cumbersome and the current paradigm seems to lead to Dependency Hell (DLL Hell for you MS Developers); but .Net development ignores a large chunk of the web server market, and is not the only answer.

0
0
Anonymous Coward

Re: enterprise systems should not be running Java for anything

"So.. what do you recommend for business logic or "Super-whizzo web GUIs with HTML5/CSS3 shenanigans" if being rolled out in a *NIX environment? Mono?"

You use the platforms I mention - HTML5/CSS3 runs regardless of client OS (not that many people use *NIX clients).

As for the server, pick the language that the server can run. If that's C#; great. If it has to be something else, great.

0
0

yeah, and html5 has no security holes, oh no.

people never write bad python code, oh no.

a client application written in C# will ONLY run on a MS Windows client, and one written in ObjectiveC will only run on a Macintosh. oh yeah, and .NET Framework (C#), gee, which version? Java at least has maintained a fairly high level of forwards compatibility.

0
0