Slashdot Mirror

← Back to Stories (view on slashdot.org)

Java Update Implements Whitelists To Combat 0-Day Hacks

Posted by timothy on from the let's-see-your-invitation dept.

kylus writes "The Register is reporting that Oracle's new Java 7 update 40 release comes complete with a new 'Deployment Rule Set' capability which allows administrators to define which particular applets and Java Web Start applications ('Rich Internet Applications') are permitted to run on a given machine. Not a complete solution for the recent trend of Java hacks that have cropped up, but good news for enterprises that have to run this in their environment." Update: 09/19 20:08 GMT by U L : There's an introduction to deploying rule sets on the Java platform group weblog too.

8 of 55 comments (clear)

  1. Good by Anonymous Coward · · Score: 4, Informative

    This is a good thing for my company. We need java web start for only one application: the social security wage reporting "AccuWage" software. So whitelisting that is easy.

  2. About time by benjfowler · · Score: 5, Insightful

    Like it or not, a lot of crap line-of-business/enterprise software still uses old, hacked-together garbage applets, and they need to be supported.

    There's quite a few games out there written as applets too (e.g. Minecraft, the Jin Chess Client), and speaking for myself, I want to run one or two of them without feeling like I'm holidaying in Baghdad.

  3. Re:Whitelists mean nothing by Joining+Yet+Again · · Score: 4, Funny

    What if you're wearing a condom but your one night stand has a knife? Did you even think that through?

  4. Re:Whitelists mean nothing by kylus · · Score: 3, Insightful

    As I said at the end of the summary, this really isn't a complete solution and you're right about a whitelisted applet/RIA being vulnerable. However this is a good piece of 'defense in depth' to prevent random Java crap from executing without authorization if (when) another bug crops and is somehow exploited. If the stuff you're whitelisting has problems, you need to revisit your coding quality checks, or talk to whatever vendor is supplying it to you.

    --
    --Kylus
    Idiot-proof something, and Life will build a better Idiot.
  5. Re:Whitelists mean nothing by JustOK · · Score: 3, Funny

    My night stand doesn't have a knife. Toe nail clippers, phone charger, box of kleenex, clock radio, lamp: those are the things my night stand has.

    --
    rewriting history since 2109
  6. Re:pointless by h4rr4r · · Score: 5, Insightful

    No everyone has not. There are a great many enterprise apps that companies rely on that need this. Normal users will not know to turn it on, nor to turn it off.

  7. Re:Oracle are fab by Joce640k · · Score: 3, Insightful

    Finally, an admission that they'll never be able to make it secure, that blacklisting everything by default is the only way forward.

    --
    No sig today...
  8. Re:Why only applets? by swilver · · Score: 3, Insightful

    I'd recommend installing a better firewall instead.