Re: New java update?

On Tue, Mar 5, 2013 at 4:20 PM, John R. Dennison <jrd@xxxxxxxxxxxx> wrote:
>>
>> sad, really, as one of Java's original goals was to be a completely
>> sandboxable environment.
>
> I was just discussing this very issue with someone the other day.  That
> was such a huge marketing factor in the beginning.  And we waited.  And
> waited.  And waited.  And it never materialized.

Of course it didn't when big companies like Microsoft and Red Hat
shipped incompatible competing versions making the code not portable.

>> I wonder...  is Java really getting worse, or is it that the hackers are
>> getting more sophisticated and finding ever more fiendish ways of
>> violating systems?
>
> I think it's sort of a little of both.  Tools and people are getting better
> and the people maintaining Java aren't getting any better.

I'm cynical enough to believe that most code has intentional backdoors
that for various reasons eventually leak out and have to be fixed.
And hackers are incredibly sophisticated these days.  Even in the
CentOS 5.3 era I saw URL attacks in the wild that would use a Spring
(Java lib) bug to execute commands to trigger the kernel's root
escalation bug.

-- 
  Les Mikesell
     lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

