Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Java Under Attack Again, Disable Now
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
1/15/2013 | 2:36:27 PM
re: Java Under Attack Again, Disable Now
No double standard. All software has flaws. This article is about Java, not about IE. You taking an opportunity to take a pot shot at MS is just plain annoying.

btw - the IE vulnerability has been patched at about the same time as Java 7 (with update 11).
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
1/14/2013 | 8:18:17 PM
re: Java Under Attack Again, Disable Now
My point is that several versions of IE have currently an unpatched zero-day vulnerability and nobody is screaming to disable IE now! Why the double standards?
LZM
50%
50%
LZM,
User Rank: Apprentice
1/14/2013 | 5:36:10 PM
re: Java Under Attack Again, Disable Now
...
and this is what happens when Open Source goes Corporate
...
Todd
50%
50%
Todd,
User Rank: Apprentice
1/13/2013 | 9:39:52 PM
re: Java Under Attack Again, Disable Now
You can't handle the truth son windows the worst OS out there hands down the worst operating system known to man it a joke!
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
1/13/2013 | 5:56:00 PM
re: Java Under Attack Again, Disable Now
I beg to differ on one point you made.
The Java programming language was developed BEFORE Javascript. JS is based in part on the Java programming language created by James Gosling at Sun Micro in the early 90's. Netscape developed Javascript and released it in 1995 in prototype form.
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
1/13/2013 | 4:00:24 PM
re: Java Under Attack Again, Disable Now
Point of comprehension. I did not say that the two were one and the same. However, Java apps are downloaded and run with a browser. Right? So, disable the plugin for the browser and/or uninstall the framework altogether from Programs and Features.
Vance Morgan
50%
50%
Vance Morgan,
User Rank: Apprentice
1/13/2013 | 11:33:22 AM
re: Java Under Attack Again, Disable Now
99.9% of statistics are made up on the spot.
There are lies, damned lies, statistics, and then their are statistics from random people on the Internet.
Vance Morgan
50%
50%
Vance Morgan,
User Rank: Apprentice
1/13/2013 | 11:26:57 AM
re: Java Under Attack Again, Disable Now
Exactly, they are vastly different. JavaScript is a scripting language designed to enhance web sites. Nearly every web site uses JavaScript. This Disqus comment system uses JavaScript.

Java, on the other hand, was created AFTER JavaScript by an entirely different entity (Sun Microsystems at the time). It's purpose is quite different. The only thing similar between them is that they happen to both have "java" in their names.
Todd
50%
50%
Todd,
User Rank: Apprentice
1/13/2013 | 1:27:19 AM
re: Java Under Attack Again, Disable Now
People bottom line with viruses if your using Microsoft Windows your about 99.9% chance to get any virus on the internet. If you use Mac OS X your about 50% chance to get a virus. If you use Linux or Ubuntu your about 10% chance or lower to get a virus on the internet. I say do the math people.......
Dirty Harry
50%
50%
Dirty Harry,
User Rank: Apprentice
1/12/2013 | 9:40:09 PM
re: Java Under Attack Again, Disable Now
This is getting old! When is Java going to get it's act together regarding security issues? By the way, do I need to disable Java in the Java Control Panel or just as a Plug in?
Page 1 / 2   >   >>


More SolarWinds Attack Details Emerge
Kelly Jackson Higgins, Executive Editor at Dark Reading,  1/12/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7343
PUBLISHED: 2021-01-18
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
CVE-2020-28476
PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
CVE-2020-28473
PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...
CVE-2021-25173
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25174
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).