poss security problem in JDK 1.7.0_17

Path	csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!news.glorb.com!news-in-01.newsfeed.easynews.com!easynews!core-easynews-01!easynews.com!en-nntp-16.dc1.easynews.com.POSTED!not-for-mail
From	Roedy Green <see_website@mindprod.com.invalid>
Newsgroups	comp.lang.java.security
Subject	poss security problem in JDK 1.7.0_17
Organization	Canadian Mind Products
Reply-To	Roedy Green <see_website@mindprod.com.invalid>
Message-ID	<3nseo8d95g2mndqq9grbcsl50qas1afivu@4ax.com> (permalink)
User-Agent	ForteAgent/7.00.32.1200
MIME-Version	1.0
Content-Type	text/plain; charset=us-ascii
Content-Transfer-Encoding	7bit
Lines	13
X-Complaints-To	abuse@easynews.com
X-Complaints-Info	Please be sure to forward a copy of ALL headers otherwise we will be unable to process your complaint properly.
Date	Mon, 06 May 2013 02:10:37 -0700
X-Received-Bytes	1381
Xref	csiph.com comp.lang.java.security:273

Show key headers only | View raw

I read somewhere that the Reveton.N virus (a scareware virus that
tries to extort money) see http://mindprod.com/jgloss/scareware.html

used an Java Applet security hole to function.  It leaves an ordinary
*.exe file on a Windows machine.

I just got hit a second time. That suggests the exploit is still
present in JDK 1.7.0_17  I think Oracle's "fix" was simply turning off
all Applets by default.
-- 
Roedy Green Canadian Mind Products http://mindprod.com
Nothing is so good as it seems beforehand. 
 ~ George Eliot (born: 1819-11-22 died: 1880-12-22 at age: 61) (Mary Ann Evans)

Back to comp.lang.java.security | Previous | Next — Next in thread | Find similar

Thread

poss security problem in JDK 1.7.0_17 Roedy Green <see_website@mindprod.com.invalid> - 2013-05-06 02:10 -0700
  Re: poss security problem in JDK 1.7.0_17 Stanimir Stamenkov <s7an10@netscape.net> - 2013-05-06 16:11 +0300
    Re: poss security problem in JDK 1.7.0_17 Roedy Green <see_website@mindprod.com.invalid> - 2013-05-06 18:26 -0700

csiph-web