On mySimon: Freeplay Jonta Flashlight
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 24 of 47:
Next »
« Previous
You just proved me right
... by providing actual detail, which the article did not.

I stand corrected on Java 6.

And here, as detailed in the link, are the patches to fix the vulnerability:

"The first issue is addressed in the following releases (for Windows,
Solaris, and Linux):
* JDK and JRE 6 Update 1 or later
* JDK and JRE 5.0 Update 11 or later
* SDK and JRE 1.4.2_15 and later

The second issue is addressed in the following releases (for Windows,
Solaris, and Linux):
* JDK and JRE 6 Update 1 or later
* JDK and JRE 5.0 Update 11 or later
* SDK and JRE 1.4.2_15 and later
* SDK and JRE 1.3.1_20 or later

Java SE 6 Update 1 is available for download at the following link:

http://java.sun.com/javase/downloads/index.jsp"

Also, the link details exactly what the vulnerability is:

"A buffer overflow vulnerability in the image parsing code in the Java
Runtime Environment may allow an untrusted applet or application to
elevate its privileges. For example, an applet may grant itself
permissions to read and write local files or execute local
applications that are accessible to the user running the untrusted
applet.

A second vulnerability may allow an untrusted applet or application to
cause the Java Virtual Machine to hang.

Sun acknowledges, with thanks, Chris Evans of the Google Security
Team, for bringing these issues to our attention."

Now, if the article actually provided this stuff, I would not have called FUD. Instead, it provided nothing, other than "Java flaw poses widespread security threat".

Now, if the article were a blog, I would not have cared. Blogs are for people to shoot their mouths off with.

But this was a news article, therefore it should be held accountable for a higher level of journalistic integrity, like substantiating it's rather inflammatory headline (by explaining what the flaw is), and providing people with the information they need to patch their Java installs.

I never disputed whether their was a flaw. But the article was less than useless, and spreading inflammatory FUD.

And it's not about defending Java, per se. Java, like all software, can have bugs and security flaws. No software is immune to it - not Java, not .Net, not Windows, not Linux, and so on.

But the tone of the article, and it's appalling lack of details, was clearly trying to make look worse for Java than the flaw really was, IMHO.
Posted by: super_J   Posted on: 07/13/07 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Article needs more detail...  mrlinux | 07/13/07
Why?  No_Ax_to_Grind | 07/13/07
duh...  JustAMuggle | 07/13/07
Ah, you may be right. (nt)  No_Ax_to_Grind | 07/13/07
Check again  gtdavies33@... | 07/13/07
I'm sure it's only java on windoze  Linux Geek | 07/13/07
I use linux too..  birdofire@... | 07/13/07
Message has been deleted.  Linux User 147560 | 07/13/07
Of course it was deleted  Linux User 147560 | 07/13/07
That's M$ long hand censoring you!  Linux Geek | 07/13/07
You are "sure". Ummm, can you read?  No_Ax_to_Grind | 07/13/07
excellent comment  mighetto | 07/13/07
Message has been deleted.  Yagotta B. Kidding | 07/13/07
hehehe. 9.5 wink  PB_z | 07/13/07
You're so right  Boot_Agnostic | 07/16/07
I use NOSCRIPT in firefox  galileon | 07/13/07
JavaScript is not Java  Fred Fredrickson | 07/15/07
NoScript  JDThompson | 07/16/07
Too late..  balazsa | 07/13/07
do us a favor...  Monkey_MCSE | 07/13/07
Yes, like the Monkey said...  Linux User 147560 | 07/13/07
Article is pure FUD from from MS lapdog ZDNet  super_J | 07/13/07
Wrong  Schnazzer | 07/13/07
You just proved me right  super_J | 07/13/07
The article actually did  Greenknight_z | 07/17/07
Since ZDNET is a lapdog, leave this board  BXLE | 07/13/07
Naw, it's too entertaining  super_J | 07/13/07
Disappointment in Iphone; Solution to Java flaw already implemented.  mighetto | 07/13/07
Apple responds - kind of. Who is Luke? Is the force with him?  mighetto | 07/13/07
Java flaw poses widespread security threat  RickC998 | 07/13/07
The problem doesn't threaten me  Knorthern Knight | 07/13/07
Java is solution for multi-core multiprocessor speed  mighetto | 07/13/07
Your reasoning is incorrect  John Zern | 07/13/07
Titanium to you Zern  mighetto | 07/13/07
You're either...  wolf_z | 07/14/07
Yo, Frank...  Linux User 147560 | 07/13/07
Amen Brother  mighetto | 07/13/07
Novels  greybeardtechie | 07/16/07
Java is a solution for speed alright...  Knorthern Knight | 07/14/07
Here is the real bug info  jmanico | 07/13/07
install Java 6 update 2  jmanico | 07/13/07
PRAISE JAVA!  jmanico | 07/13/07
Hee Hee  mighetto | 07/13/07
reportage below minimum standards = FUD  wti | 07/13/07
is is this Sun advisory???... (so many to choose from)  wti | 07/13/07
Update 2 is a dog  Greenknight_z | 07/17/07
Yep patched  Boot_Agnostic | 07/17/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

IT Solutions for 2010

  • Get cost-effective strategies and roadmaps on the most important issues facing IT leaders in 2010! Learn how to easily cut costs and deliver greater efficiency starting with your database, IT compliance management and data center. Visit the IT Leaders Dashboard. Visit the IT Leaders Dashboard.
  • Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline