

Serious New Java Flaw Affects All Current Versions of Windows - eslifka
http://threatpost.com/en_us/blogs/serious-new-java-flaw-affects-all-browsers-040910

======
bilbo0s
I already commented on another one of these link bait articles here
<http://news.ycombinator.com/item?id=1253870>, but I'm reposting my comment
here. Just because I felt let down after having clicked through to get the
details on some 'juicy' new Java flaw. Only to find the reality to be less
serious than advertised. I don't like feeling duped.

BTW - The last article was called 'Javocalypse'. Now with a name like that,
when I test the exploit, it better deliver the goods.

I don't know.

That's just how I feel.

Anyway, here is the comment I left on that one:

----

I love all these 'embarrassingly trivially exploitable issues' that require me
to set up my machine in just the right way to make them work. And for all that
effort, you can't even own the machine using the exploit.

What has it been? 15 years? And this is the best they can come up with for
Java security holes?

You know, I don't like Java, but the more stuff like this I read, the more I
have to admit that it is smart for enterprises to use it so heavily.

An interesting comparison might be to look at the number of Java security
holes vs ActiveX vs Windows XP vs Apache vs IIS vs PHP vs Ruby vs (you get the
picture). Maybe group by client side and server side. That would give a real
'data based' look at software security quality.

Though I suspect that the JVM would be at the top of the 'security quality'
heap in both groupings (i.e., least number of holes). I think it would be
interesting to see nonetheless.

------
rickmode
Perhaps Sun didn't respond to the vulnerability because Sun doesn't exist
anymore.

