From: blmblm on 9 Jul 2010 08:04

In article <i0rm0e0q2f(a)news2.newsguy.com>,
David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:
> From: "Aragorn" <aragorn(a)chatfactory.invalid>
>
> | On Monday 05 July 2010 00:29 in comp.os.linux.misc, somebody identifying
> | as David H. Lipman wrote...

[ snip ]

> I just hope Oracle can get the people at Sun to secure JRE. It has been the source of
> many an infected computer due to its many vulnerabilities and subsequent exploitation.

Can you point me to a good source of information about these
vulnerabilities and exploitation? I did a quick Google search on Java
and "security hole" and found some mentions of exploitable flaws in
implementing Java's security model [*], but to me they didn't seem
to be adding up to "many vulnerabilities". What did I overlook?

[*] At least it *has* one, though I suppose one could make a case for
the notion that a badly-implemented security model might be worse
than none at all, in that it generates a false sense of safety.

Not trying to start a flame war here -- trying to fill in possible
gaps in my own knowledge!

--
B. L. Massingill
ObDisclaimer: I don't speak for my employers; they return the favor.
From: David H. Lipman on 9 Jul 2010 17:00

From: <blmblm(a)myrealbox.com>

| In article <i0rm0e0q2f(a)news2.newsguy.com>,
| David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:
>> From: "Aragorn" <aragorn(a)chatfactory.invalid>

>> | On Monday 05 July 2010 00:29 in comp.os.linux.misc, somebody identifying
>> | as David H. Lipman wrote...

| [ snip ]

>> I just hope Oracle can get the people at Sun to secure JRE. It has been the source of
>> many an infected computer due to its many vulnerabilities and subsequent
>> exploitation.

| Can you point me to a good source of information about these
| vulnerabilities and exploitation? I did a quick Google search on Java
| and "security hole" and found some mentions of exploitable flaws in
| implementing Java's security model [*], but to me they didn't seem
| to be adding up to "many vulnerabilities". What did I overlook?

| [*] At least it *has* one, though I suppose one could make a case for
| the notion that a badly-implemented security model might be worse
| than none at all, in that it generates a false sense of safety.

| Not trying to start a flame war here -- trying to fill in possible
| gaps in my own knowledge!

You can start with the ByteVerify exploit

F**K !

Dead
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1

"Bookmarks to the legacy Sun Alert: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1
are no longer available and SunSolve will report the document is not found. As the mapping
to the new system does not exist.
To find this SunAlert, searching on the keywords or the original title, for example,
Security Vulnerability in the Sun Java Web Console May Allow Access to Privileged on
SunSolve will provide the new link: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001060.1-1
"

http://isc.sans.edu/diary.html?storyid=2088

http://www.us-cert.gov/cas/alerts/SA08-340A.html

http://search.us-cert.gov/search?q=sun+java&btnG.x=0&btnG.y=0&btnG=Go&entqr=0&ud=1&sort=date%3AD%3AL%3Ad1&output=xml_no_dtd&oe=UTF-8&ie=UTF-8&client=default_frontend&proxystylesheet=default_frontend&site=default_collection

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Richard Kettlewell on 9 Jul 2010 17:13

Robert Heller <heller(a)deepsoft.com> writes:
> As a side note: C# / .NET are Micro$loths 'replacements' for Java and
> the JRE/JDK (C# is a kind of embrace-and-extend fork of Java). In
> *theory* C# is just like Java: compile once, run anywhere [you have a
> run-time environment]. '.NET' is the M$ Run Time environment for C#.
> And there is something called Mono, which is a Linux run-time
> environment that will run .NET (C#) applications. There isn't (AFAIK)
> a Linux-based C# compiler / development kit.

Mono includes a C# compiler.

> One can develop a C#/.NET application (under MS-Windows) and then run
> it (using Mono) under Linux, but I don't think anyone really bothers
> to run C# programs anywhere but under MS-Windows. C# is effectively
> (in practice) as platform-specific as VB. Or Visual C++.

Current Ubuntu includes several applications written in C#, e.g. f-spot and
tomboy.

--
http://www.greenend.org.uk/rjk/
From: Eef Hartman on 11 Jul 2010 06:34

In alt.os.linux.slackware Richard Kettlewell <rjk(a)greenend.org.uk> wrote:
> Current Ubuntu includes several applications written in C#, e.g. f-spot and
> tomboy.

Current and recent openSUSE releases do also, like the Banshee mediaplayer,
the Kerry/Beagle home dir indexer and several others

--
******************************************************************
** Eef Hartman, Delft University of Technology, dept. SSC/ICT   **
** e-mail: E.J.M.Hartman(a)tudelft.nl - phone: +31-15-27 82525  **
******************************************************************
From: blmblm on 22 Jul 2010 12:48

In article <i182ho0v9t(a)news4.newsguy.com>,
David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:
> From: <blmblm(a)myrealbox.com>
>
> | In article <i0rm0e0q2f(a)news2.newsguy.com>,
> | David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:
> >> From: "Aragorn" <aragorn(a)chatfactory.invalid>
>
> >> | On Monday 05 July 2010 00:29 in comp.os.linux.misc, somebody identifying
> >> | as David H. Lipman wrote...
>
> | [ snip ]
>
> >> I just hope Oracle can get the people at Sun to secure JRE. It has been the source of
> >> many an infected computer due to its many vulnerabilities and subsequent
> >> exploitation.
>
> | Can you point me to a good source of information about these
> | vulnerabilities and exploitation? I did a quick Google search on Java
> | and "security hole" and found some mentions of exploitable flaws in
> | implementing Java's security model [*], but to me they didn't seem
> | to be adding up to "many vulnerabilities". What did I overlook?
>
> | [*] At least it *has* one, though I suppose one could make a case for
> | the notion that a badly-implemented security model might be worse
> | than none at all, in that it generates a false sense of safety.
>
> | Not trying to start a flame war here -- trying to fill in possible
> | gaps in my own knowledge!
>
> You can start with the ByteVerify exploit

A belated "thank you" for taking the trouble to provide some links.
It does look like there are more bugs than I might have suspected.
I didn't find anything that to me supports a claim that these bugs
(some of them fairly old) have been responsible for "many an infected
computer", but maybe I didn't read carefully enough, and maybe my
standards are lower than yours. <shrug>, maybe.

> F**K !
>
> Dead
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1
>
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
>
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
>
> "Bookmarks to the legacy Sun Alert: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1
> are no longer available and SunSolve will report the document is not found. As the mapping
> to the new system does not exist.
> To find this SunAlert, searching on the keywords or the original title, for example,
> Security Vulnerability in the Sun Java Web Console May Allow Access to Privileged on
> SunSolve will provide the new link: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001060.1-1
> "
>
> http://isc.sans.edu/diary.html?storyid=2088
>
> http://www.us-cert.gov/cas/alerts/SA08-340A.html
>
> http://search.us-cert.gov/search?q=sun+java&btnG.x=0&btnG.y=0&btnG=Go&entqr=0&ud=1&sort=date%3AD%3AL%3Ad1&output=xml_no_dtd&oe=UTF-8&ie=UTF-8&client=default_frontend&proxystylesheet=default_frontend&site=default_collection
>

--
B. L. Massingill
ObDisclaimer: I don't speak for my employers; they return the favor.