Unpatched Java installations may have helped spread the malware responsible for the recently uncovered "Red October" cyber-spying campaign, researchers at Seculert have revealed. Kaspersky Labs first disclosed the existence of Red October on Monday, claiming that the program had been responsible for attacks on systems in …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Wednesday 16th January 2013 21:25 GMT adnim

I wish

I was smart enough to develop a website with all the usefulness and functionality of a site coded with html, css, ajax, javascript and php in html, css and php only.....

One that would satisfy the expectations of the consumer user.

0 2
1. Wednesday 16th January 2013 21:28 GMT Zaphod.Beeblebrox
  
  Re: I wish
  
  BTW this is about Java, not javascript.
  
  1 0
2. Thursday 17th January 2013 15:33 GMT graham_
  
  Re: I wish
  
  hahaha..I wish you was smart enough to read.
  
  0 0
Wednesday 16th January 2013 21:26 GMT Zaphod.Beeblebrox

And the company I work for still resolutely refuses to remove Java from internal systems and from the systems we sell to our customers.

X <-- Bang head here.

0 0
1. Wednesday 16th January 2013 21:46 GMT MrT
  
  Shouldn't that be...
  
  X X
  
  \/
  
  ...bang head*s* here, Zaphod, cool frood?
  
  6 0
  1. Thursday 17th January 2013 17:52 GMT Zaphod.Beeblebrox
    
    Re: Shouldn't that be...
    
    Zarquon man, you have a point!
    
    1 0
2. Wednesday 16th January 2013 22:58 GMT Destroy All Monsters
  
  > refuses to remove Java
  
  > not even talking about the plugin
  
  Maybe you are not entirely sure what you talking about, son?
  
  1 0
Wednesday 16th January 2013 22:06 GMT nuked

"SURPRISED? OLD JAVA EXPLOIT HELPED SPREAD RED OCTOBER SPYWARE"

No.

0 0
Wednesday 16th January 2013 22:48 GMT Anonymous Coward

inconvenient information omitted?

I guess that the fact that the fix to the latest zero day that was mentioned being available over the weekend would have been counter to the authors assertion that oracle is slow to release java fixes, so it was conveniently omitted?

0 0
Thursday 17th January 2013 00:38 GMT Synja

Java in and of itself is not the problem

Once again, the problem is people running untrusted code in a trusted environment, even if it's accidentally. You don't run client side code unless you know the source. Java applications are no more inherently dangerous than applications written in any other language. The same risks apply to running Javascript, ActiveX, VBS, or any other client side code within a browser.

0 0
1. Thursday 17th January 2013 04:40 GMT Jamie Jones
  
  Re: Java in and of itself is not the problem
  
  > the problem is people running untrusted code in a trusted environment,
  
  That's the point - the java plugin is meant to be sandboxed - it's due to bugs that programs escape the sandbox,
  
  Similarly, all the others are meant to be restricted in what they can do, or again, sandboxed from the main system
  
  0 0
Thursday 17th January 2013 01:58 GMT Anonymous Coward

"Java applications are no more inherently dangerous than applications written in any other language"

Good luck telling that one to an applet busy shitting on your browser.

0 1