New Java 0-Day Vulnerability Being Exploited In the Wild

An anonymous reader writes "Here we go again. A new Java 0-day vulnerability is being exploited in the wild. If you use Java, you can either uninstall/disable the plugin to protect your computer or set your security settings to 'High' and attempt to avoid executing malicious applets. This latest flaw was first discovered by security firm FireEye, which says it has already been used 'to attack multiple customers.' The company has found that the flaw can be exploited successfully in browsers that have Java v1.6 Update 41 or Java v1.7 Update 15 installed, the latest versions of Oracle's plugin."

Re:why they don't

[Almost-Retired]

Because that would cost (gasp) money, and Larry would have to put off buying the rest of Hawaii for another 3 weeks.

Seriously, from the vantage point of having first coded in assembly back in '78, (also my age now) on an RCA 1802 MPU, one of the things I learned early on was to write a small executable that called the program piece I was working on, feeding it data up to the size of the cpu's registers, and let it run long enough its all been tried, without any crashing or incorrect output.

You can't do that to the whole thing where its tied to machinery you might cause to break or injure people, but you can damned sure stick some leds on the output bus, both as an activity indicator, and as a correctness verification. That means the guy writing the code must also be capable of picking up a soldering iron and fabricating his own test tool hardware, and I don't believe for a millisecond that a coder can call himself a coder or programmer if he can't do that. The hands MUST fit the tools IOW.

Engineering at a tv station was my paycheck for 48 years, and I have played cowboys and electrons for a living since the tail end of the 40's, quitting school to go fix tv's for cigarette money at the end of the 8th grade & still do the hot soldering iron scene but more as an aid to my hobbies, one of which is cnc controlled machining tools.

Some of the code I wrote, to run on hardware I also built, has lasted as long as the technology that required it, in 2 cases in excess of a decade, and one of those 2, the decade was after I had gone on down the road to a greener pasture. Neither ever crashed except when the battery ran down because the power failure was longer than the battery's holdup time.

Yes, dependable code seems like its also secure, but that is achieved by testing that data for validity BEFORE using it to for something so mundane as detecting when someone has gotten up from the shitter and is putting himself back together, at which point you close a switch and effectively pull the flush handle.

What is so difficult about understanding that? Just because your prof in CS101 was a pompous ass and didn't do it, I mean how dare you question MY judgement?, didn't do it, what makes you think you don't need to? I have done things in a higher level language quite a few times, but AFAIAC, that higher level language just makes it that much easier to shoot your code in its one tenuous space connected to reality, aka its foot.

My 2 cents for today.
Cheers, Gene

Re:why they don't

[zixxt]

What sucks is after years of watching Java disappear from the consumer desktop its fucking making a comeback, ARGH! Why is it coming back? Damned Java games like fricking Minecraft that's why. Why oh why did the game designers suddenly decide to start using Java again,is it because of Android? if so the person who came up with Android needs to be shot because this is a fricking nightmare! To give geeks a better understanding imagine if after all these years suddenly IE 6 made a major comeback, wouldn't you want to scream? For the love of God it was almost dead on the desktop! /walks away muttering and sobbing/

Troll much?

Java is the best cross platform language in the world. Billions more devices and computer run Java than Windows. Java is making a comeback because it never went anywhere. If I want my application to reach as many people as possible I use Java.