ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Java Update on Tuesday

<< < (4/5) > >>

Renegade:
But yeah, it's whOracle - #2 on my list of really evil software companies, where crApple still reigns supreme.
-f0dder (January 16, 2013, 02:09 AM)
--- End quote ---

WHahahaha! ;) Very subtle. Almost CRied laughing! :D

Who is #3?

why would that be any different from the technetwork page?
-Tinman57 (January 17, 2013, 07:20 PM)
--- End quote ---

Because the more dev-oriented types probably wouldn't want the dratted thing, and it's generally poor practice to tick off your developers?

Of course, Joe User apparently doesn't mind toolbars... (have we had a poll asking the most toolbars you've had to clean off someone's pc?)

-x16wda (January 17, 2013, 07:32 PM)
--- End quote ---

Excellent observation.  :up:

xtabber:
The exploits in question only affect JDK 7, not JDK 6, which is much more secure, to say nothing of more stable.  Although Oracle is threatening to stop upgrades for jre6 in the near future, there is no reason that I can see for the vast majority of users to "upgrade" to jre7.

Also, these exploits only affect in-browser user, so there is no reason to dump any software that is written in Java and runs on your local system, rather than in a browser.

mwb1100:
And then it finally clicked, this is the Developers Kit, which is the one that I, and most ordinary folks don't want or need.
-Tinman57 (January 17, 2013, 07:45 PM)
--- End quote ---

On the 'developer download'  page there are download buttons for various things like the JDK, which is the developer kit, JavaFX (I don't know what this is - examples?), and other things.

You'll want the JRE download, which is just the Java runtime.

f0dder:
WHahahaha! ;) Very subtle. Almost CRied laughing! :D
Who is #3?
-Renegade (January 17, 2013, 08:15 PM)
--- End quote ---
At the moment (well, for a pretty long time), Microsoft. The list is based on a mix of evilness, douchebaggery, (wrong) public opinion, and market influence.

The exploits in question only affect JDK 7, not JDK 6, which is much more secure, to say nothing of more stable.-xtabber (January 18, 2013, 08:53 AM)
--- End quote ---
Ah yes, there were never any exploits for Java 6?

If you have the Java browser plugin, no matter which version, you shouldn't feel safe. End of story.

Also, these exploits only affect in-browser user, so there is no reason to dump any software that is written in Java and runs on your local system, rather than in a browser.-xtabber (January 18, 2013, 08:53 AM)
--- End quote ---
True - no reason to dump Eclipse or Minecraft, you just need to get rid of the browser plugin :). Sure, there's very likely other security holes in the JRE, but if an attacker has reached the level where he's going to compromise non-browser JRE, you've got more serious security issues.

Tinman57:
  And then......

Latest Java Update Broken; Two New Sandbox Bypass Flaws Found
Expect the roar from security experts urging users to abandon Java to reach ear-splitting levels after reports this morning that new sandbox bypass vulnerabilities are present in the latest Java update.
--- End quote ---

http://threatpost.com/en_us/blogs/latest-java-update-broken-two-new-sandbox-bypass-flaws-found-011813

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version