Dangerous Java Flaw Threatens 'Virtually Everything'

Marc Nathoni writes with a ZDet article about a critically dangerous hole in the Java Runtime Environment. Due to the ubiquitousness of Java, this could prove a serious security problem. "Australia's Computer Emergency Response Team (AusCERT) analyst, Robert Lowe, warned that anyone using the Java Runtime Environment or Java Development Kit is at risk. 'Delivery of exploits in this manner is attractive to attackers because even though the browser may be fully patched, some people neglect to also patch programs invoked by browsers to render specific types of content,' said Lowe."

Re:It's a C/C++ flaw in the Java environment.

[geekoid]

Perhaps it's time to train people how the fuck to write in C instead of throw it out?

Re:Original AusCERT

[nanosquid]

If Sun simply rewrote the code in Java (which wouldn't be hard; only time consuming), the problems would go away.

The Java language is a train wreck when it comes to imaging code. You can write something like a JPEG library in "pure" Java, you can even make it fast, but it ends up being worse than writing it in assembly language.

If Sun actually practiced what they preached, they would have fixed this years ago. Unfortunately, all they every seem to write in Java themselves is increasingly bloated "enterprise libraries"; when they need to write something efficient, they define a new library API and implement it in native code.

Re:You forget...

[Doctor+Memory]

Speaking tubes were tried once ("Ahoy! More coolant on the starboard pile, and hoist up control rod three!") but finding reactor operators who knew Urdu was too difficult. Bah! That was just the excuse they used to try to bring in cheap Sanskrit-speaking labor from overseas!