[LINK] Security problems with Java in browsers

Nicholas English nik.english at gmail.com
Tue Sep 18 04:15:05 AEST 2012


Thanks for the sanity check F. :)

Still, the scale/spread of the actual exploits could be quantified
which might be a better tonic to the FUD.

In the meantime there remains the fact that there are plenty of users
out there for whom even this strategy won't work.

Examples include the stated Cloud enabled enterprise apps. But... more
vulnerable are online learners needing to access VirtualClassrooms
such as the Blackboard tools, many of which are Java dependent.

Trying to dictate to students what to use where is a Sisyphean task.
Most uni helpdesks can only provide guidance.

Some of the new mega-courseware options don't include these sorts of
interactive spaces yet these are new platforms and not widely
employed.

So at the end of the day no matter how many good deeds Oracle may have
performed, leaving the Java engine exposed for this long puts it
squarely in the bad camp :(

Nicholas English


Sent from A phone

On 17/09/2012, at 9:19 PM, Fernando Cassia <fcassia at gmail.com> wrote:

> On Mon, Sep 17, 2012 at 12:16 PM, Robin Whittle <rw at firstpr.com.au> wrote:
>
>> (looks really complex):
>>
>
> It isn't. Just install the Preferences Toolbar (prefbar.mozdev.org), or the
> NoScript Firefox extension and you can "Whitelist" Java (along with
> JScript) on those sites that need it, and disable it on all others.
>
>
>> Unless there is a clear need for it, it may be easier to uninstall Java
>> from the computer entirely.
>>
>
> This is complete FUD. Java is more than a browser plug-in (which BTW, is
> used for things like Intel's driver update software, "powered by
> SystemRequirements", some on-line banking secure log-in and other useful
> sites like KeepVid.com to download youtube videos).
>
> It's curious how every patch tuesday there's "critical security updates"
> coming down the wire from WindowsUpdate for components like ActiveX and
> Microsoft's .Net, yet there's not a single headline this year suggesting
> users "remove .Net completely".
>
> For instance, on my machine I run several Java apps on a daily basis,
> including Jitsi (open source VOIP, video-conferencing and Skype-killer)
> www.jitsi.org, muCommander (http://ho.io/mucommander), Java Image Editor,
> and occasionally Art of Illusion (raytracing/3D), Freemind (mind mapper
> software), Sweet Home 3D (floor planning, home design).
>
> Interesting how the scaremongering headlines appeared shortly after this:
>
> Oracle has been good to Java, despite early fears
> http://www.infoworld.com/t/java-programming/oracle-has-been-good-java-despite-early-fears-200200
>
> And this stream of positive events:
>
> -Oracle makes OpenJDK 7 the reference implementation of Java7
>
> -All Linux distros ship OpenJDK
> http://www.java7developer.com/blog/?p=361
>
> -IBM joins OpenJDK
> http://www.infoq.com/news/2010/10/ibm-joins-openjdk
>
> -Apple contributes its OSX JRE code to OpenJDK
> http://9to5mac.com/2011/01/12/openjdk-code-lands-as-mac-port-project-springs-to-life/
>
> -Twitter joins OpenJDK
> https://dev.twitter.com/blog/twitter-open-source-and-jvm
>
> -Oracle decides to offer Java 7 JREs for Apple OS X
> http://www.macrumors.com/2012/08/14/oracle-officially-launches-java-se-7-for-os-x/
>
> -In 2012, Java continues to be among the top-3 programming languages
> according to TIOBE index, despite a campaign of previous FUD articles like
> this:
>
> http://www.businessweek.com/stories/2005-12-12/java-its-so-nineties
>
> And third-party languages for the Java VM have skyrocketed, thanks to
> Java7's support for dynamic languages:
>
> http://java.sun.com/developer/technicalArticles/DynTypeLang/
>
> http://en.wikipedia.org/wiki/List_of_JVM_languages
>
> I guess Microsoft's anti-Java campaign never actually ended after all:
> http://ho.io/sunblock
>
> And someone in Redmond must be laughing out loud.
>
> Corollary: If the high-profile web sites you visit daily are infected with
> malware, you have bigger problems to begin with.... today could be Java,
> tomorrow could be Flash or ActiveX based...
>
> FC
> --
> During times of Universal Deceit, telling the truth becomes a revolutionary
> act
> - George Orwell
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link



