Re: [Fed-Talk] Fed-talk Digest, Vol 10, Issue 183
Re: [Fed-Talk] Fed-talk Digest, Vol 10, Issue 183
- Subject: Re: [Fed-Talk] Fed-talk Digest, Vol 10, Issue 183
- From: David Solin <email@hidden>
- Date: Wed, 16 Oct 2013 14:27:43 -0500
- Organization: jOVAL
I agree completely.
If you think the security model in Java is full of holes, you should
take a look at C. C lets you write data to literally any location
in memory!
Can we all please start to distinguish between Java the platform,
and Java the browser plug-in?
On 10/16/2013 2:12 PM, Blumenthal, Uri
- 0558 - MITLL wrote:
On 10/16/13 14:51 , "David Emery" <email@hidden> wrote:
USAA recently offered a 'enhanced security feature' that on the Mac
required Java. I told them in no uncertain terms "you must be crazy!
Aren't you paying any attention to the fact that Java has been the attack
vector for most of the attacks on the Mac this year?"
This logic seems akin to "Applications have been the attack vector, so you
must be crazy to deploy/allow/use them".
The problem is not with Java per se, IMHO.
I find _javascript_ far more offensive security-wise, and yet all the sites
I'm aware of proliferate it as if there's no tomorrow.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
|
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden