Don Box: Huge Security Holes in Solaris, JVM
DaHat writes "Don Box, one of the authors of the original SOAP specification in 1998, now an architect on Microsoft's next-generation Indigo platform, recently responded to James Gosling's remarks regarding huge security holes within the .NET Common Language Runtime (CLR). Don argues that the same 'flaws' that Gosling noted in the .NET CLR exist both within the Solaris operating system as well as the JVM, both of which support execution of C and C++ code, as well as explaining why this is not necessarily a bad thing."
First instance of Microsoft mehing FUD?
Next up, Notepad will be the target since it allows any malicious code to be written on it.
Rock that crushes, Paper & Scissors that don't matter.
I can see it now..."Bugs deserve rights too!"
Is this the new Microsoft Box model?
Since Java and .NET are both so insecure; by subtraction, F/OSS is the most secure stuff around!
is this one of those, "your hole is bigger than mine" arguments?
Wooo, someone is stupid enough to use Exeem!
This just in: Programming languages are insecure. They allow third parties to run arbitrary code on your processor.
Microsoft will be releasing a patch which fixes this problem soon. Stay tuned.
But Perl and Python have the same security flaw we are discussing with regards to .NET and Java-- both allow linking against unsafe compiled code!
So the only really safe language to be using, in truth, is HQ9+. Rather than leaving the opportunity for error as Perl, Python, Java and .NET do, HQ9+ utilizes an innovative language design which ensures by the very syntax of the language that security violations are not possible. Consider using HQ9+ for your next enterprise application development project.
Intercal! It's very hard to write viruses using it.
(It's very hard to write anything else in it either)
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
So when will this become a serial exchange of yo momma jokes?
I can't help feeling that some small percentage of this type of back-and-forth is something like a junior-high whiny geek arguing about how the Micro Channel bus architecture is better than ISA and that, incidentally, Apples are utterly irrelevant. ...Oh, wait. That geek was at one time a friend of mine, and this was circa 1985, and this was an actual discussion. ;) (hi, don ulrich! i still use a Mac, and Apple still exists! where's your precious PS/2 micro-channel NOW?!?! nyaaah, nyaaah!!)
One of the creators of SOAP is lecturing on security, that is quite a laugh. SOAP still stands as the poster child for the "design something first, try to hack on security after the fact" crowd.
Finkployd