Cross-Platform Java Sandbox Exploit
DrWho520 points out this report at silicon.com which begins "A flaw in Sun's plug-in for running Java on a variety of browsers and operating systems could allow a virus to spread through Microsoft Windows and Linux PCs. The vulnerability, found by Finnish security researcher Jouko Pynnonen in June, was patched last month by Sun, but its details were not made public until Tuesday." The hole affects Linux and Windows.
You may soon be receiving a Java virus via your web browser.
...
Symptoms:
1) system loads increase by 3x magnitude
2) system starts to work slowly
3) the JVM has now loaded
4) the virus starts to install...
You can use the 15 minutes it takes Java to load a virus (or anything) to close your web browser at this point.
5) If you are not able to stop the virus, look out for strange windows with dodgy toolkits. Yes, Java AWT, this means you.
At least (unlike several other large companies), Sun produced a patch before the issue was released to the public. How many times does this normally happen (certainly, I can think of no instances this has happened for Windows - anyone care to enlighten me?)...
But it is *not* on www.sun.com, which is the main site that everyone uses to download Java. It's on an essentially hidden development site.
Apart from a few Slashdot fanboys, who has even heard of Java 1.5?