[LINK] Net-connected computer security seems impossible. Was: Java ...
Michael Skeggs mike@bystander.net
mskeggs at gmail.com
Tue Jan 15 12:04:00 AEDT 2013
For the record, I did see info on the MS zero day.
I think the bigger reason is that anybody with the least interest in
security stopped using IE years ago, so a story about flaws has no audience
except enterprise IT managers.
A java security flaw will have a much bigger affected base, and many
affected users will care about security, so it is a story that has a
readership.
regards,
Michael Skeggs
On 15 January 2013 10:16, Fernando Cassia <fcassia at gmail.com> wrote:
> On Mon, Jan 14, 2013 at 7:40 PM, Robin Whittle <rw at firstpr.com.au> wrote:
> > I am exploring using Eclipse-CDT for C++ development - a very fancy IDE
> > which is written in Java so it runs identically on Windows, Linux or
> > whatever. Java is a very good thing in many respects, but if it is
> > written to be secure for general browser use, and is promoted for years
> > as such, its bad for it to be found to be flawed, with untimely updates
> > and especially if Sun, Oracle or whoever is responsible can't respond
> > with a proper fix to newly discovered vulnerabilities in a few hours.
>
> What I´m decrying is the double standard in some IT press (IDG,
> ZDNet), always to quick to blame Oracle-I don´t know, they might have
> their own agenda or an Oracle competitor as big advertiser-, when the
> same outrage doesn´t extend for instance
> to Internet Explorer.
>
> IE had a 0day hole unpatched for TWO WEEKS. Did you read any
> scaremongering headlines telling users to uninstall IE?. I certainly
> did not.
>
> JANUARY 13: Microsoft issues fix for 0day vulnerability
>
> https://krebsonsecurity.com/2013/01/microsoft-issues-fix-for-zero-day-ie-flaw/
>
> "The update, MS13-008, addresses a single vulnerability in IE versions
> 6 through 8, and is available through Windows Update. __The patch
> comes a little more than **two weeks after** security firms began
> seeing evidence that hackers were leveraging the vulnerability in
> targeted attacks___"
>
> Security is an ongoing process, not a definitive solution. If you want
> a truly secure PC, I´d recomend a wire cutter...
>
> http://thumbs.dreamstime.com/thumblarge_554/128919807585S4xK.jpg
>
> ;-)
> FC
> PS: I know a handful sites where I use Java based applets, with the
> new security mechanisms in place, I click "allow", on those, and
> "deny" on all others. The browser remembers the selection so I´m not
> bothered after the initial visit. Simple, actually.
>
> --
> During times of Universal Deceit, telling the truth becomes a
> revolutionary act
> Durante épocas de Engaño Universal, decir la verdad se convierte en un
> Acto Revolucionario
> - George Orwell
>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>
More information about the Link
mailing list