First Java 0-Day In 2 Years Exploited By Pawn Storm Hackers

An anonymous reader writes with Help Net Security's report that a new zero-day vulnerability in Java is being exploited, quoting from which: The flaw was spotted by Trend Micro researchers, who are closely monitoring a targeted attack campaign mounted by the economic and political cyber-espionage operation Pawn Storm. The existence of the flaw was discovered by finding suspicious URLs that hosted the exploit. The exploit allows attackers to execute arbitrary code on target systems with default Java settings. Until a patch is made, disabling Java is the recommended course of action.

Here we go again.

[sproketboy]

It's an exploit in the Java Plugin - not Java itself but whatever - let's get the Oracle hate going.

Re:Here we go again.

[squiggleslash]

Well, yeah, Oracle hate is totally justified, so let's do it! (Besides, who wrote the plugin?)

But yes, Java hate is OTT. It's a decent language/concept. Microsoft did it better with .NET/C#, but beyond the painful programming patterns Java's frameworks enforce on everyone, it's not a bad system.

The plugin needs to go though.

Irrelevant

Who gives a fuck about the Java plugin? The point is that Java is not the shitty java plugin, it's a programming language and JVM. People conflating the two are ignorant of Java's significance in the software industry. Like it or hate it for its own sake, but it's not the fucking browser plugin!

Re:Irrelevant

You live in a backward country. I'm sorry.

Lets just disable java

[cant_get_a_good_nick]

FTFY

Always disabling Java is the recommended course of action.

Java and Flash on the web are technologies that have come and gone. Now that HTML5 video is prevalent, I'm much more likely to get pwn3d by a zero day than I am to find anything in either Java or Flash that I'd actually miss.