Re: [Fed-Talk] Java
- Subject: Re: [Fed-Talk] Java
- From: Ron Colvin <email@hidden>
- Date: Wed, 16 Oct 2013 15:37:16 -0400
The security model for home routers and
printers is in some ways even worse; can you say permanent
backdoor with a default password and port? The difference is the
sheer amount of Java exploit code that can escape the confines of
the browser and the Java Sandbox. In many ways I don't care what
is the least secure development language. I really care about what
is getting exploited and likely to hit my users.
On 10/16/13 3:27 PM, David Solin wrote:
I agree completely.
If you think the security model in Java is full of holes, you
should take a look at C. C lets you write data to literally any
location in memory!
Can we all please start to distinguish between Java the platform,
and Java the browser plug-in?
On 10/16/2013 2:12 PM, Blumenthal, Uri - 0558 - MITLL wrote:
On 10/16/13 14:51 , "David Emery" <email@hidden> wrote:
USAA recently offered an 'enhanced security feature' that on the Mac
required Java. I told them in no uncertain terms "you must be crazy!
Aren't you paying any attention to the fact that Java has been the attack
vector for most of the attacks on the Mac this year?"
This logic seems akin to "Applications have been the attack vector, so you
must be crazy to deploy/allow/use them".
The problem is not with Java per se, IMHO.
I find JavaScript far more offensive security-wise, and yet all the sites
I'm aware of proliferate it as if there's no tomorrow.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
********************************************************
Ron Colvin CISSP, CAP, CEH
Certified Security Analyst
NASA - Goddard Space Flight Center
<email@hidden>
Direct phone 301-286-2451
NASA Jabber (email@hidden) AIM rcolvin13
NASA LCS (email@hidden)
********************************************************