Path: csiph.com!usenet.pasdenom.info!aioe.org!.POSTED!not-for-mail From: Roedy Green Newsgroups: comp.lang.java.programmer Subject: Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Date: Fri, 31 Aug 2012 15:21:17 -0700 Organization: Canadian Mind Products Lines: 19 Message-ID: References: <6luv38htl4ve3ldqv0pd1pmu876gddq2v6@4ax.com> <50400827$0$289$14726298@news.sunsite.dk> Reply-To: Roedy Green NNTP-Posting-Host: K2Qzzs3EAqXk5RLzfhxcSw.user.speranza.aioe.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Complaints-To: abuse@aioe.org X-Notice: Filtered by postfilter v. 0.8.2 X-Newsreader: Forte Agent 6.00/32.1186 Xref: csiph.com comp.lang.java.programmer:18487 On 31 Aug 2012 06:02:43 GMT, Fredrik Jonson wrote, quoted or indirectly quoted someone who said : >That an attacking applet has to be unsigned doesn't limit the severety of >this vunerability. If the vunerability was only exploitable by signed >applets, the risk would be somewhat more limited. As it stands right now, >any script kiddie can compile and publish exploiting code. A signed applet is by definition dangerous. It is typically allowed to read/write any files it pleases. Normally unsigned applets are the safest things going, though I have heard so many false claims they are not. That is why I was initially suspicious. -- Roedy Green Canadian Mind Products http://mindprod.com A new scientific truth does not triumph by convincing its opponents and making them see the light, but rather because its opponents eventually die, and a new generation grows up that is familiar with it. ~ Max Planck 1858-04-23 1947-10-04