[CentOS] New java update?

Tue Mar 5 22:38:52 UTC 2013
Les Mikesell <lesmikesell at gmail.com>

On Tue, Mar 5, 2013 at 4:20 PM, John R. Dennison <jrd at gerdesas.com> wrote:
>>
>> sad, really, as one of Java's original goals was to be a completely
>> sandboxable environment.
>
> I was just discussing this very issue with someone the other day.  That
> was such a huge marketing factor in the beginning.  And we waited.  And
> waited.  And waited.  And it never materialized.

Of course it didn't when big companies like Microsoft and Red Hat
shipped incompatible competing versions making the code not portable.

>> I wonder...  is Java really getting worse, or is it that the hackers are
>> getting more sophisticated and finding ever more fiendish ways of
>> violating systems?
>
> I think it's sort of a little of both.  Tools and people are getting better
> and the people maintaining Java aren't getting any better.

I'm cynical enough to believe that most code has intentional backdoors
that for various reasons eventually leak out and have to be fixed.
And hackers are incredibly sophisticated these days.  Even in the
CentOS 5.3 era I saw URL attacks in the wild that would use a Spring
(Java lib) bug to execute commands to trigger the kernel's root
escalation bug.

-- 
  Les Mikesell
     lesmikesell at gmail.com