Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!eternal-september.org!feeder.eternal-september.org!mx05.eternal-september.org!.POSTED!not-for-mail
From: Stanimir Stamenkov <s7an10@netscape.net>
Newsgroups: comp.lang.java.security
Subject: Re: poss security problem in JDK 1.7.0_17
Date: Mon, 06 May 2013 16:11:49 +0300
Organization: A noiseless patient Spider
Lines: 16
Message-ID: <km8a01$vto$1@dont-email.me>
References: <3nseo8d95g2mndqq9grbcsl50qas1afivu@4ax.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 6 May 2013 13:08:17 +0000 (UTC)
Injection-Info: mx05.eternal-september.org; posting-host="02709596cb0a0ca94de6c3ae68b8340b"; logging-data="32696"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1/J9niazcioeiIh4ztMmnUD"
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0 SeaMonkey/2.17.1
In-Reply-To: <3nseo8d95g2mndqq9grbcsl50qas1afivu@4ax.com>
X-Face: "@)%Vlap6d%OVYDS}B4YUWE@yUy+^!w/+.q.,c5kjI#+uG?kYP&r/pTjNWgo:g[A,O=AL3/ j&4Le2cau$<e=FPq~GbeZ6DW1Grey[VHn8?ktzvoQtzlg;]&rh8g]CD+_BC7d[gW{Yx&_X*4Q$h&nJ l@t(|4R4:T='&]U#ui+z9OC$.~gJjU93kh:Ojc$Cz0n#I9!~!9ay?E<UlW&5,IFX1*KtA>MYEFst$y y"m]M7tq\S(>[a$x0x8%S
Cancel-Lock: sha1:foCH6SLI1Bnu1uhHsMdNC9k6xLk=
Xref: csiph.com comp.lang.java.security:274

Mon, 06 May 2013 02:10:37 -0700, /Roedy Green/:

> I read somewhere that the Reveton.N virus (a scareware virus that
> tries to extort money) see http://mindprod.com/jgloss/scareware.html
>
> used an Java Applet security hole to function.  It leaves an ordinary
> *.exe file on a Windows machine.
>
> I just got hit a second time. That suggests the exploit is still
> present in JDK 1.7.0_17  I think Oracle's "fix" was simply turning off
> all Applets by default.

Do you experience the same with 1.7.0_21?

-- 
Stanimir