Slashdot Mirror


Cross-Platform Java Sandbox Exploit

DrWho520 points out this report at silicon.com which begins "A flaw in Sun's plug-in for running Java on a variety of browsers and operating systems could allow a virus to spread through Microsoft Windows and Linux PCs. The vulnerability, found by Finnish security researcher Jouko Pynnonen in June, was patched last month by Sun, but its details were not made public until Tuesday." The hole affects Linux and Windows.

4 of 382 comments

  1. no fear slashdot! by Scythr0x0rs · Score: 0, Flamebait

    You may soon be receiving a Java virus via your web browser.

    Symptoms:

    1) system loads increase by 3x magnitude
    2) system starts to work slowly
    3) the JVM has now loaded
    4) the virus starts to install... ...
    You can use the 15 minutes it takes Java to load a virus (or anything) to close your web browser at this point.
    5) If you are not able to stop the virus, look out for strange windows with dodgy toolkits. Yes, Java AWT, this means you.

  2. At least... by lxt · Score: 0, Flamebait

    At least (unlike several other large companies), Sun produced a patch before the issue was released to the public. How many times does this normally happen (certainly, I can think of no instances this has happened for Windows - anyone care to enlighten me?)...

    1. Re:At least... by Cereal Box · Score: 1, Flamebait

      other organizations have sat on information for over a year without issuing a patch, which is an unacceptable turn-around.

      Sort of like how Mozilla "classified" bugs that sat around for YEARS before getting fixed? Case in point, the "shell:" exploit of a few months ago. Turns out the Mozilla team knew of a potential problem for years, but "classified" the problem and didn't do anything about it until an actual exploit surfaced. Of course, here on Slashdot, there were no harsh words for Mozilla, because after all, it was "Microsoft's problem".

  3. Re:FUD by Tony Hoyle · Score: 0, Flamebait

    But it is *not* on www.sun.com, which is the main site that everyone uses to download Java. It's on an essentially hidden development site.

    Apart from a few Slashdot fanboys, who has even heard of Java 1.5?