Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Sun Java vulnerabilities

March 25th 2005 in Uncategorized

When we install a newer version of software that has been patched to lock out vulnerabilities, we expect to be safe, yes?

When it comes to Sun’s Java Runtime Environment, the answer is NO!!!!

Has your copy of Sun’s Java Runtime been updated recently?  I strongly recommend that you go to Add/Remove Programs and see how many versions you have installed (at 100+meg per version!)

Did you know that old versions of Java’s runtime are not overwritten when you update, and that malware designed to take advantage of java vulnerabilities can access those vulnerable older versions?  I ask you, what is the use of updating if the bad guys can come along and keep using the vulnerable old stuff anyway?  I can almost here them laughing.

Sun Java recommend in their FAQ that older versions of their JRE be kept on computers –   BAD ADVICE!!! 

Those of us who are lucky enough to have heard of http://sunsolve.sun.com, and know that Sun release Alert Notifications, and know how to find them, also know that Sun recommends that affected versions of the JRE be removed from a computer (see Docs 57707, 57740, 57708 and 57591)!

Bad advice – advice that is directly contradicted in the Alert Notifications – is being given to new users that are the primary audience and users of FAQs.  The FAQ needs to be rewritten to advise users to remove older versions of the JRE, unless there is a mission critical application that only runs on an older version.  If there is such a mission critical application, Sun should strongly recommend that said mission critical application be updated to be compatible with the latest version of the JRE.

Uninstall all those older versions of the Sun Java Runtime – go on- go and do it now.

Comments are closed.

A CALIFORNIA judge has ruled in favour of Apple Computer’s bid to find the source of trade secrets posted online, saying that websites were not protected by constitutional guarantees granted to journalists.
Santa Clara County Superior Court Judge James Kleinberg ruled Apple was entitled to find out the identities of sources of the leaked information about […]

Previous Entry

Yes, I know, it happened in the UK, not the USA, but it is still a warning to the wise…
“A LIBEL battle in London financial circles may have punctured the idea that posters to internet forums can remain anonymous“http://australianit.news.com.au/articles/0,7204,12688849%5E15306%5E%5Enbv%5E,00.html

Next Entry