DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 18th June 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,148
Thanked 182 Times in 149 Posts
Default 37 critical Java holes to be fixed today

From http://h-online.com/-1891593

Quote:
Oracle has published a pre-announcement of the fixes it plans to apply to Java SE in its critical patch update (CPU) due later today. The company says that 40 security fixes have been included and that, of those, 37 can be remotely exploited without the need for a username or password.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 19th June 2013
gpatrick gpatrick is offline
Shell Scout
 
Join Date: Nov 2009
Posts: 118
Thanked 0 Times in 0 Posts
Default

It is kind of funny that people are saying don't run Java because of the security problems with it, yet nobody says don't run Linux because of security problems.

Searching the US-CERT CVE and CCE Vulnerability database for Java and Linux:
Code:
	3-mo    3-yrs   all
Java    108	634	1925
Linux   130	873	4036
Does Java have problems, sure, but Linux has many more. So I call for everyone to stop using Linux because it is a security nightmare, and actually worse than Windows.

For comparison:
Code:
Windows	77	1229	3225
So please, all companies worldwide, and all individuals, stop using Linux because it is insecure.

Last edited by gpatrick; 19th June 2013 at 12:05 PM.
Reply With Quote
  #3   (View Single Post)  
Old 20th June 2013
Ninguem Ninguem is offline
Shell Scout
 
Join Date: Jun 2011
Posts: 138
Thanked 0 Times in 0 Posts
Default

Everything is insecure at some level.
__________________
No signature
Reply With Quote
  #4   (View Single Post)  
Old 20th June 2013
thirdm thirdm is offline
Package Pilot
 
Join Date: May 2009
Posts: 200
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by Ninguem View Post
Everything is insecure at some level.
No doubt, but is the quantification and severity assessment of the problems so unimportant?

Rather than compare Java to Linux, it would be interesting to compare it to C#. The two runtimes must be very similar. The languages started out only trivially different as far as I can tell, though perhaps they're starting to diverge. The included class libraries are nearly equally immense (and similar?). So if the security record is vastly different it might say something, either about the abilities of the implementers and maintainers, their release and QA process, or about how hard and skillfully the world is looking for flaws.

For another conclusion drawn from Java's horrible record, see here:

"Bjarne: I do not consider it the job of a programming language to be “secure.” Security is a systems property and a language that is – among other things – a systems programming language cannot provide that by itself. C++ offers protection against errors, rather than protection against deliberate violation of rules. C++11 is better at that than C++98, but the repeated failures of languages that did promise security (e.g. Java), demonstrates that C++’s more modest promises are reasonable. " -- https://www.informit.com/articles/ar...up&WT.rss_ev=a
Reply With Quote
  #5   (View Single Post)  
Old 23rd June 2013
Ninguem Ninguem is offline
Shell Scout
 
Join Date: Jun 2011
Posts: 138
Thanked 0 Times in 0 Posts
Default

That to which gpatrick refers is for all reported linux ditributions.
  1. Does it state which distribution version is affected? No.
  2. Does it state which kernel version is affected? No.
  3. Does it state the severity of the problem or if the problem was solved? No.

It would be helpful and more informative if the data regarding the patches which worked and the time between the discovery of the holes & patching was displayed.

Java is can be installed on all systems and can be ported to unsupported architectures and systems using NFS export from a system that has Java support. It would be better to compare Java to Python and Perl than to Linux and Windows.

You are right in stating that security problems should be voiced and printed; however, an analogy should be of the same class and type.
Peaches to apricots and oranges to lemons- pit fruits compared and citrus fruits compared- rather than apples to oranges, you know?
__________________
No signature
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Firefox 18 and Thunderbird 17.02 close critical holes J65nko News 0 9th January 2013 01:39 PM
Security Mozilla closes 6 critical holes in Firefox J65nko News 0 21st November 2012 08:37 PM
Security Mozilla closes numerous critical holes in Firefox 16 J65nko News 0 10th October 2012 09:48 PM
Security Critical PHP vulnerability being fixed J65nko News 1 3rd February 2012 01:27 PM
phpMyAdmin updates patch critical holes J65nko News 1 6th July 2011 10:05 AM


All times are GMT. The time now is 02:02 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick