Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dangerous Java Flaw Threatens 'Virtually Everything'

Posted by Zonk on from the let-it-cool-down-first dept.

Marc Nathoni writes with a ZDet article about a critically dangerous hole in the Java Runtime Environment. Due to the ubiquitousness of Java, this could prove a serious security problem. "Australia's Computer Emergency Response Team (AusCERT) analyst, Robert Lowe, warned that anyone using the Java Runtime Environment or Java Development Kit is at risk. 'Delivery of exploits in this manner is attractive to attackers because even though the browser may be fully patched, some people neglect to also patch programs invoked by browsers to render specific types of content,' said Lowe."

6 of 323 comments (clear)

  1. 'Virtually Everything' or 'Everything Virtual'? by Anonymous Coward · · Score: 5, Funny
    I think that

    Dangerous Java Flaw Threatens 'Virtually Everything' Should read

    Dangerous Java Flaw Threatens 'Everything Virtual' I mean, Java is just a freaking virtual machine, not the underpinnings of all laws of physics. I'm pretty sure my shoes and coffee mug are going to make it through this ordeal.
    1. Re:'Virtually Everything' or 'Everything Virtual'? by Vulva+R.+Thompson,+P · · Score: 5, Funny

      I'm pretty sure my shoes and coffee mug are going to make it through this ordeal.

      Speak for yourself, some of us use Java in our coffee mugs. The upcoming patch is supposed to correct a number of leaks.

  2. Re:You forget... by Azar · · Score: 5, Funny

    Well, as long as they aren't using the nuclear reactor to browse warez sites, I think we will be fine.

  3. Well, since this impacts Java... by pw700z · · Score: 5, Funny

    ...at least we can be assured whatever disaster happens, it will happen slowly. Just kidding!

  4. To quote Harry Dresden... by Anonymous Coward · · Score: 5, Funny

    Just because you are paranoid doesn't mean there isn't an invisible demon out to eat your face.

  5. Re:You forget... by computational+super · · Score: 5, Funny
    I don't know Java, so I can't start a rational flamewar over why Lisp is better.

    Lisp is preferred in high-security installations (such as nuclear generators) because it's an extra layer of security. Even if a hacker can breach the outer defences, no actual human being can comprehend a Lisp program, so there's no danger of the hacker doing any damage.

    --
    Proud neuron in the Slashdot hivemind since 2002.