
Dangerous Java Flaw Threatens Virtually Everything

HardOCP News

According to ZDNet, vulnerabilities in Java Runtime Environment have been discovered by Google’s research team. Apparently the vulnerability threatens the security of all platforms, browsers, mobile devices and anyone using the Java Runtime Environment or Java Development Kit is at risk.

"This is as bad as it gets," said Chris Gatford, a security expert from penetration testing firm Pure Hacking. "It’s a pretty significant weakness, which will have a considerable impact if the exploit codes come to fruition quickly. It could affect a lot of organizations and users," Gatford told ZDNet Australia.
 
Oops.

Hope they release a new build of Java for everything here soon.
 
Time to start suing Java's creators for the costs and damages their shoddy workmanship has caused.

Only way this crap stops is if the penalty for shit coding starts to hurt.

How can you work on something for YEARS and still have it so buggy and vulnerable.

Makes me wonder how we've ever accomplished ANYTHING ever. :rolleyes: :p :D

How about 3 strikes and you're dead? Would that be enough incentive to work harder. :eek:
 
Time to start suing Java's creators for the costs and damages their shoddy workmanship has caused.

Only way this crap stops is if the penalty for shit coding starts to hurt.

How can you work on something for YEARS and still have it so buggy and vulnerable.

Makes me wonder how we've ever accomplished ANYTHING ever. :rolleyes: :p :D

How about 3 strikes and you're dead? Would that be enough incentive to work harder. :eek:
You're joking, right? :confused:
 
Java, used by a lot of p2p sharing programs (limewire), and some free gaming websites (pogo). It even runs the software to install my cellular extras, and program my universal remote. Java is used for such a widespread range of products it is really scary to find out it is unsecure.

Cheers!
 
Not much in the way of real information in the article. Without specific details it's pretty useless, except to panic people.
 
Time to start suing Java's creators for the costs and damages their shoddy workmanship has caused.

Only way this crap stops is if the penalty for shit coding starts to hurt.

How can you work on something for YEARS and still have it so buggy and vulnerable.

Makes me wonder how we've ever accomplished ANYTHING ever. :rolleyes: :p :D

How about 3 strikes and you're dead? Would that be enough incentive to work harder. :eek:

Retarded
 
Not much in the way of real information in the article. Without specific details it's pretty useless, except to panic people.

Perhaps, but most likely they're not going to release (or even know) the details to the public to give lame hackers a leg up on where to look. Assuming they haven't found it already... Another reason to simply disable Java. It was a recommendation 4 yrs ago to me and it still serves true today. I doubt this software will ever be secure because its track record shows no sign of improvement, or so little that I will be dead (mid 20s) before it even reaches Windows Vista levels.
 
If you're going to complain about something that's been around for years, let's not forget the most bug ridden OS ever created: UNIX. Since its inception I'm pretty sure it's got a tally of bugs and holes that would give Bill Gates reason to smile. And new ones are still found on a regular basis, soooo...
 
There's a month-old flaw that was found by Google, though it's already been patched. 1.6u2 has been out for at least a few days now, though it doesn't mention vulnerabilities found by Google. Would be nice if they told us if a patch was upcoming, or already incorporated.
 
Yah, sort of kidding, but....

Software companies have been living a very blessed life as far as accountability is concerned.

If it were the norm... how fk'd up and shitty a job these fools do... then it'd be the NORM to be driving down the road and have a wheel fall off your car.

It happens, but it ain't the norm, it's very rare in fact.

Of course, now there's a lot of software in the car, so.... we're all gonna die :eek: :p :D

The leading edge is the software profession, yes the leading edge in the rush to no pride in workmanship at all. :cool:
 
It's times like this that I don't envy enterprise level sysadmins one bit. As an end-user, I can crank my firewall settings up a notch or two to weather a storm or install patches as soon as they're released. The sysadmins though have got to drive a corporate-level firedrill involving massive amounts of quick-turnaround time testing. Bleah.
 
Hang on, it's Friday 13th!
Perhaps this is a new April Fools day lol.
 
Java has always had bad security holes. That's why I stopped installing it years ago.
 
It's times like this that I don't envy enterprise level sysadmins one bit. As an end-user, I can crank my firewall settings up a notch or two to weather a storm or install patches as soon as they're released. The sysadmins though have got to drive a corporate-level firedrill involving massive amounts of quick-turnaround time testing. Bleah.

That's why they get paid the big bucks.


oh wait...
 
I always enjoy [H]. A very vague news article with no information whatsoever gets posted that says "The Java Runtime Environment on every platform has a huge security hole in it" and a majority of the users, knowing nothing about this security hole, start ripping Sun a new one. Without any details, I'm going to say this is being blown way out of proportions.
 
I always enjoy [H]. A very vague news article with no information whatsoever gets posted that says "The Java Runtime Environment on every platform has a huge security hole in it" and a majority of the users, knowing nothing about this security hole, start ripping Sun a new one. Without any details, I'm going to say this is being blown way out of proportions.

see slashdot + windows
 
Time to start suing Java's creators for the costs and damages their shoddy workmanship has caused.

Only way this crap stops is if the penalty for shit coding starts to hurt.

How can you work on something for YEARS and still have it so buggy and vulnerable.

Makes me wonder how we've ever accomplished ANYTHING ever. :rolleyes: :p :D

How about 3 strikes and you're dead? Would that be enough incentive to work harder. :eek:

Why do you even bother to post, that diatribe does nothing.
 
This is just great - we had to service our entire company for DST issues with JREs and now this... thank god we have SMS to target the workforce..

After a little bit of sleuthing, here's the CERT warning: http://www.auscert.org.au/render.html?it=7664

Here are the specific exploits:

A buffer overflow vulnerability in the image parsing code in the Java
Runtime Environment may allow an untrusted applet or application to
elevate its privileges. For example, an applet may grant itself
permissions to read and write local files or execute local
applications that are accessible to the user running the untrusted
applet.

A second vulnerability may allow an untrusted applet or application to
cause the Java Virtual Machine to hang.

Here's the impacted versions:

These issues can occur in the following releases (for Windows,
Solaris, and Linux):

First vulnerability:
* JDK and JRE 6
* JDK and JRE 5.0 Update 10 and earlier
* SDK and JRE 1.4.2_14 and earlier
* SDK and JRE 1.3.1_20 and earlier

Second vulnerability:
* JDK and JRE 6
* JDK and JRE 5.0 Update 10 and earlier
* SDK and JRE 1.4.2_14 and earlier
* SDK and JRE 1.3.1_19 and earlier

This will be fun, our developers have tons of code specifically written to run 1.4.2_8

Target
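
An added example, not part of the original post or the advisory: a triage helper that checks installed Java version strings against the affected-release list quoted above, including older point releases within each listed line. The host names and issue labels are hypothetical, the sample inventory is constructed, and reading "JDK and JRE 6" as 1.6.0 with no update number is an assumption.

```python
import re

# Last affected (micro, update) per release line, taken from the list quoted
# in the post. Assumption: "JDK and JRE 6" means 1.6.0 with no update number.
LAST_AFFECTED = {
    "image parsing buffer overflow": {(1, 6): (0, 0), (1, 5): (0, 10),
                                      (1, 4): (2, 14), (1, 3): (1, 20)},
    "JVM hang": {(1, 6): (0, 0), (1, 5): (0, 10),
                 (1, 4): (2, 14), (1, 3): (1, 19)},
}

# Legacy scheme: 1.<minor>.<micro>[_<update>][-<build tag>], e.g. 1.5.0_10-b03
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-\S+)?$")


def parse_java_version(text):
    """Return ((major, minor), (micro, update)); a missing update counts as 0."""
    m = _VERSION.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Java version: {text!r}")
    major, minor, micro, update = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (micro, update)


def affected_by(version_text):
    """List the quoted issues that cover this version.

    Returns None when the release line is not in the quoted list at all,
    so "not listed" is never confused with "listed and not affected".
    """
    line, point = parse_java_version(version_text)
    if not any(line in table for table in LAST_AFFECTED.values()):
        return None
    # "X and earlier" covers every older point release on the same line.
    return [issue for issue, table in LAST_AFFECTED.items()
            if line in table and point <= table[line]]


def triage(inventory):
    """Map each host to the issues its reported Java version falls under."""
    return {host: affected_by(version) for host, version in inventory.items()}


# Constructed sample inventory; host names are hypothetical.
SAMPLE_INVENTORY = {"dev-build-01": "1.4.2_8", "kiosk-07": "1.3.1_20",
                    "hr-laptop-12": "1.5.0_11", "qa-vm-03": "1.6.0"}

if __name__ == "__main__":
    for host, issues in triage(SAMPLE_INVENTORY).items():
        print(host, SAMPLE_INVENTORY[host], issues)
```
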
 
Why do you even bother to post, that diatribe does nothing.


It makes ME feel better... and that's all I'm interested in actually. :eek: :p :D

So SUN is like Chinese tires...er toothpaste... er wheat gluten.....er.... we're all gonna die.
 
Yah, sort of kidding, but....

Software companies have been living a very blessed life as far as accountability is concerned.

If it were the norm... how fk'd up and shitty a job these fools do... then it'd be the NORM to be driving down the road and have a wheel fall off your car.

It happens, but it ain't the norm, it's very rare in fact.

Of course, now there's a lot of software in the car, so.... we're all gonna die :eek: :p :D

The leading edge is the software profession, yes the leading edge in the rush to no pride in workmanship at all. :cool:

Because something as trivial as building a car compares to millions of lines of code. :rolleyes:

You want the wheel to stay on? You use a bigger bolt.
You want your code to be perfect? You meticulously comb millions of lines of code that you may or may not have written and try to imagine every possible interaction with every operating system and every piece of software ever written.
 
ROFL, I thought the thread title said Dangerous Lava Flow Threatens Virtually Everything. Then I started clicking around in the thread and people were saying Java.. I was like WTF? ahhaha. :p
 