* Posts by James Roper

3 posts • joined 16 Jun 2008

Facebook ignores huge security hole for four months

James Roper

NoScript won't help you.

The NoScript plugin can't help you with any Facebook security vulnerabilities... To use Facebook, you need Javascript, so you need Facebook whitelisted in the NoScript configuration. Because it's whitelisted, you are now vulnerable to any XSS attacks, because XSS vulnerabilities usually mean injecting Javascript into files that are sourced from Facebook. So, either you use Facebook, and are vulnerable whether you have NoScript installed or not, or you don't use Facebook, in which case you don't need NoScript to protect you.

0
0

Apple tells Mac users: Get anti-virus

James Roper

They aren't encouraging multiple virus scanners on one machine

I think you've misread Apple's post. They're not suggesting that anyone installs multiple antivirus utilities on one machine. The statement says "the widespread use of multiple antivirus utilities". What they're saying is that if there are multiple antivirus utilities out there in widespread use, rather than just one antivirus utility that dominates, then virus programmers will have a much harder time, because in order for their virus to successfully propagate they'll need to circumvent them all. So they're encouraging people to not necessarily follow one particular antivirus software vendor, just because it's got a bigger name, but saying that there are multiple options out there, and they are all just as good, and the fact that there are multiple out there protects you further.

0
0

Red Hat promises delayed JBoss 'worth the wait'

James Roper

Websphere Application Server does not support JEE 5

The article incorrectly states that JEE 5 has already been added to IBM's WebSphere Application Server 6.1. In actual fact, WebSphere is in a worse off situation than JBoss. JEE support is scheduled for inclusion in WebSphere 7, which, like JBoss 5, has no release date set yet. WebSphere 6.1 users can get a JEE 5 feature pack, but this is unsupported for production use. JBoss 4.2 however comes with a 99% compliant and supported JEE 5 container out of the box, and JBoss have had their pluggable EJB 3.0 container available to users for a lot longer than WebSphere have had theirs.

The thing that WebSphere 6.1 did include was a Java SE 5.0 JVM, almost 2 years after the release of the Java SE 5.0 spec, and a long time after JBoss shipped versions that were supported on Suns Java SE 5.0 JDK.

0
0

Forums