Blunder Dome Sighting

Professor von Clueless in the Blunder Dome


Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.


Thursday, October 28, 2004

Uh Oh: Time to Refresh Java

F-Secure: New Java Applet Trojan. 2004-09-21: I've been slugging away building a Java development setup for the great Numbering Peano escapade. One part of demonstrating the grounding of code includes providing an account of the tools I used and the version of Java (J2SE 1.4.1 SDK 1.4.1_02) that you can confirm my tests with. I already knew that this build isn't supported any longer, and I was going to refresh anyhow as part of my XPSP2 upgrade, but now I've got a new problem: Security exploit against the Sun Java Runtime. Yippy Skippy. OK, after I send in my proposal to commence my M.Sc in IT Dissertation Project, I will do a refresh to the nearest higher-numbered release that doesn't have this flaw and reconfirm the little bit of code that I am using so far.

The Sun Alert Notification is one year old, and the apparent reason that F-Secure mentions it now is because there is an exploit in the wild.  Dangnabit.

Then I need to check other Java Security Bulletins to see what else there is to upgrade beyond.  Ah hah.  Okey dokey.

It looks like I need to be at 1.4.2_05 at least.

Java Runtime Environment May Allow Untrusted Applets to Escalate Privileges. 2004-09-21: Well, here's another vulnerability, in J2SE 1.4.2_04 and earlier (and some 1.4.1 and 1.4.0 builds too), so I might as well move higher. According to the 2004-08-02 bulletin, the safe move is to upgrade to 1.4.2_05. We'll just have to see about that. And now that I have delayed putting these clippings in my face where it will do some good, I must remember to get the latest information, again before I download updates. Oh, woe is me ...
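An added example, not code from the original post: a check that parses J2SE-style version strings such as 1.4.1_02 and flags builds below a required minimum. The minimums are the two builds named on this page (1.4.2_05 in the post, 1.4.2_06 in the comment below); the function names, the banner lines and the `-b04` qualifier are constructed for illustration.

```python
import re

# Legacy J2SE scheme: major.minor.micro_update, e.g. 1.4.2_05, possibly
# followed by a build qualifier (the "-b04" below is a constructed sample).
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")

# Minimum builds named on the page (post first, follow-up comment second).
MINIMUMS = ("1.4.2_05", "1.4.2_06")

# Constructed sample banners in the `java -version` first-line style.
SAMPLE_BANNERS = (
    'java version "1.4.1_02"',      # the build the post says is installed
    'java version "1.4.2_05-b04"',  # update number followed by a qualifier
    'java version "1.4.2_10"',      # two-digit update: must compare as a number
)


def parse_j2se(text):
    """Return (major, minor, micro, update) as ints; a missing update is 0."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError("no J2SE-style version in %r" % (text,))
    return tuple(int(g or 0) for g in m.groups())


def needs_refresh(installed, minimum):
    """True when the installed build sorts below the minimum build.

    Deliberately conservative: every older family (1.4.0, 1.4.1) is flagged,
    even though the page says only some of those builds are affected.
    """
    return parse_j2se(installed) < parse_j2se(minimum)


def report(banner, minimums=MINIMUMS):
    """Map each minimum build to whether `banner` falls below it."""
    return {m: needs_refresh(banner, m) for m in minimums}


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        for minimum, stale in report(banner).items():
            verdict = "refresh needed" if stale else "ok"
            print("%-30s minimum %s: %s" % (banner, minimum, verdict))
```

Comparing integer tuples rather than raw strings is what keeps 1.4.2_10 from sorting below 1.4.2_06.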

 
Comments:
 
Yes, I do have a backlog of draft postings!  This old one is here because it looked like the simplest thing I could do to force refresh with a new template that removes an annoyance (for me) and also tries out the rating system that NewsGator Online has introduced.
 
 
Well, no, 1.4.2_05 isn't safe either. It is necessary to move up to 1.4.2_06 according to http://jouko.iki.fi/adv/javaplugin.html which reports a vulnerability discovered before April 29 and now repaired.
 

template created 2004-06-17-20:01 -0700 (pdt) by orcmid
$$Author: Orcmid $
$$Date: 05-01-22 13:41 $
$$Revision: 2 $