From: markspace <-@.>
Newsgroups: comp.lang.java.programmer
Subject: Re: Article: Why you can't dump Java (even though you want to)
Date: Tue, 08 May 2012 13:59:01 -0700

On 5/8/2012 1:36 PM, Nasser M. Abbasi wrote:
> On 5/8/2012 3:14 PM, Arved Sandstrom wrote:
>>
>> The main problem is the human being, whether coder or user.
>>
> I think the whole internet is doomed. Nowhere to run and hide
> any more.

Arved wins this argument. From the article:

"Sure, I could opt not to use those Java-enabled services or install Java and uninstall when I'm finished. But the core problem isn't necessarily Java's exploitability; nearly all software is exploitable. It's *unpatched* Java. Few successful Java-related attacks are related to zero-day exploits. Almost all are related to Java security bugs that have been patched for months (or longer)."

Again I use FireFox. After a recent upgrade of FF, it disabled the Java plugin (a recent one, version 6 update 22 or so) calling it insecure. OK whatever, so I downloaded a new one. It bugged me at the time but now I see why: FF was forcing me to upgrade to a later patch. This I'm removes known vulnerabilities.
It takes effort to stay on top of these things but it can be done. Now, who's at fault for the Mac Java exploit? Oracle? Or Apple for allowing users to run old, insecure versions of Java?