Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dangerous Java Flaw Threatens 'Virtually Everything'

Posted by Zonk on from the let-it-cool-down-first dept.

Marc Nathoni writes with a ZDet article about a critically dangerous hole in the Java Runtime Environment. Due to the ubiquitousness of Java, this could prove a serious security problem. "Australia's Computer Emergency Response Team (AusCERT) analyst, Robert Lowe, warned that anyone using the Java Runtime Environment or Java Development Kit is at risk. 'Delivery of exploits in this manner is attractive to attackers because even though the browser may be fully patched, some people neglect to also patch programs invoked by browsers to render specific types of content,' said Lowe."

10 of 323 comments (clear)

  1. 'Virtually Everything' or 'Everything Virtual'? by Anonymous Coward · · Score: 5, Funny
    I think that

    Dangerous Java Flaw Threatens 'Virtually Everything' Should read

    Dangerous Java Flaw Threatens 'Everything Virtual' I mean, Java is just a freaking virtual machine, not the underpinnings of all laws of physics. I'm pretty sure my shoes and coffee mug are going to make it through this ordeal.
    1. Re:'Virtually Everything' or 'Everything Virtual'? by Vulva+R.+Thompson,+P · · Score: 5, Funny

      I'm pretty sure my shoes and coffee mug are going to make it through this ordeal.

      Speak for yourself, some of us use Java in our coffee mugs. The upcoming patch is supposed to correct a number of leaks.

  2. You forget... by greenreaper · · Score: 4, Funny

    What about the people using it to run nuclear reactors?

    1. Re:You forget... by Azar · · Score: 5, Funny

      Well, as long as they aren't using the nuclear reactor to browse warez sites, I think we will be fine.

    2. Re:You forget... by computational+super · · Score: 5, Funny
      I don't know Java, so I can't start a rational flamewar over why Lisp is better.

      Lisp is preferred in high-security installations (such as nuclear generators) because it's an extra layer of security. Even if a hacker can breach the outer defences, no actual human being can comprehend a Lisp program, so there's no danger of the hacker doing any damage.

      --
      Proud neuron in the Slashdot hivemind since 2002.
    3. Re:You forget... by kabdib · · Score: 4, Funny

      Low tech is better.

      Those relays are powered by *steam*, and serve only to control arms in the corridor outside the control room which raise and lower colored flags. Mesopotamian runner-slaves note the configuration of the flags and carry messages to more slaves stationed near the reactor core who in turn are responsible for raising and lowering the control rods, who man the coolant pumps, and in a pinch, who sacrifice goats to the altar of O'krap, the God of Reactor Meltdowns.

      Speaking tubes were tried once ("Ahoy! More coolant on the starboard pile, and hoist up control rod three!") but finding reactor operators who knew Urdu was too difficult.

      The Nuclear Safety Council is considering a move to systems based on "electrics," but the committee responsible for this investigation has been unable to locate the inventors B. Franklin and T. Edison.

      --
      Any sufficiently advanced technology is insufficiently documented.
  3. Well, since this impacts Java... by pw700z · · Score: 5, Funny

    ...at least we can be assured whatever disaster happens, it will happen slowly. Just kidding!

  4. To quote Harry Dresden... by Anonymous Coward · · Score: 5, Funny

    Just because you are paranoid doesn't mean there isn't an invisible demon out to eat your face.

  5. Re:Anyone have details? by Geek+of+Tech · · Score: 4, Funny

    Among other things, it has been confirmed that cellphones, computers, handhelds, iPods, small children, toasters, garage door openers and SUV owners are all vulnerable to this flaw.

    The only device that isn't vulnerable to this is the Nintendo Wii. The theory is that the swinging of Wiimotes manages to sling the problematic code away from your device.

    If you think that your computer might be at risk, pick it up and start spinning in big circles. This might create enough force to dislodge any vicious code.

    --
    Stop the Slashdot effect! Don't read the articles!
  6. Re:Are you sure? by joshv · · Score: 4, Funny

    That's probably because the bug inside had failed and the battery started corroding causing it to expand and crack the mug.