13 posts • joined Monday 26th October 2009 18:22 GMT
The majority of these exploits apply to client Java deployments, and can only be exploited through untrusted Java Web Start applications, and untrusted applets.
Hmm. So that means *trusted* code can't use the vulns? That sounds counter-intuitive to say the least. What's more, Web Start apps and applets ordinarily can only become trusted by the user allowing them to run.
Are they rootable? Is IT rootable? If so, (I suppose depending on connectivity) I'm sure that would massively increase the interest value for us geeks.
>>It uses a mixture of hardware and software lockdowns to keep out malware
For "to keep out malware", can we read "to keep the buyer from owning it"?
How it works
"It acknowledges packets on the wire (electrically) and then loses them into the void somewhere inside the firmware."
Would that be firmware that is closed source by any chance? Either way, I find it strange that such a project has seen fit to accept the provision of closed source blobs.
>>Shylock uses a battery of tricks to escape detection by anti-virus scanners
But would possibly be detected by a little pattern matching against a Gutenberg edition of the works of one W. Shakespeare?
Perhaps if this trend of self-defensive demands for source code continues it might be useful to employ the term 'felching' in this, er... cleaner context?
No root login welcome
>>Windows machines for the vast majority of users should only be run in unprivileged mode, the authors also recommend<<
Best practice in Unix is to disallow root login. Is this even possible in Windows?
Of course, for most of its lifespan, root login has been the ahem... default in Windows and still is, though UAC has been shoehorned in at the last moment.
Maybe stagnation of the app is a reflection of the stagnation of the protocols. Perhaps they should be looking at implementing different ones and simultaneously asserting an alternative nexus of control to the Benign Empire?
>>Technically correct, you can't run MS Office under it<<
Not even that is