On Tue, Mar 5, 2013 at 4:20 PM, John R. Dennison <jrd at gerdesas.com> wrote: >> >> sad, really, as one of Java's original goals was to be a completely >> sandboxable environment. > > I was just discussing this very issue with someone the other day. That > was such a huge marketing factor in the beginning. And we waited. And > waited. And waited. And it never materialized. Of course it didn't when big companies like Microsoft and Red Hat shipped incompatible competing versions making the code not portable. >> I wonder... is Java really getting worse, or is it that the hackers are >> getting more sophisticated and finding ever more fiendish ways of >> violating systems ? > > I think it's sort of a little of both. Tools and people are getting better > and the people maintaining Java aren't getting any better. I'm cynical enough to believe that most code has intentional backdoors that for various reasons eventually leak out and have to be fixed. And hackers are incredibly sophisticated these days. Even in the Centos 5.3 era I saw URL attacks in the wild that would use a spring (java lib) bug to execute commands to trigger the kernel's root escalation bug. -- Les Mikesell lesmikesell at gmail.com