Barney's Blog


New Java Flaw Found

Oracle now knows what it feels like to be Microsoft. Security experts are constantly finding flaws in Microsoft software and telling the world all about them.

Well, last week Oracle thought it had fixed a well-publicized problem in Java, one that had some advising end users to just stop using Java altogether. Instead of offering a round of applause, researchers told the world of a flaw found inside the supposedly fixed version.

Fortunately, the researchers had the good sense to hold off publishing actual details of the flaw until Oracle has a "proof of concept" fix.

My question is, why publish the details at all once the fix exists? Not every machine will be patched with this proof-of-concept fix, and anyone can take what the researcher publishes and attack the machines that are still unpatched.

Am I missing something? If so, corrections readily accepted at dbarney@redmondmag.com.

Posted by Doug Barney on 09/10/2012 at 1:19 PM



Reader Comments:

Mon, Sep 10, 2012 College Dad Central NY State

Irrespective of the fact that Java at the PC is "free", Oracle has a moral & ethical obligation to fix this NOW! I have 95 PCs and there's just one of me. Never mind that Java update is woefully unreliable; left to itself I would have 50 point versions spread across my machines, but having to go from machine to machine and install a critical update or uninstall Java is a big deal. This latest bug, in the patch that was supposed to fix the bug, is unacceptable. Not because software will ever be perfect, but because it is a result of Oracle (and Sun before them) taking the attitude that they will plod along at a leisurely pace and deal with what comes up at that same leisurely pace. I'm really stuck; almost all of my machines require Java in order for people to do their work, so the best that I can do is to ensure that each machine is on the latest release even if there is still a dangerous, known bug. If it was up to me we would toss EVERY Java app tomorrow and uninstall Java immediately thereafter.

Mon, Sep 10, 2012 steve baltimore, md

Doug, it's really very simple. Until the flaws were publicized, vendors didn't attempt to fix them. Now they are embarrassed into fixing the problems because, if they don't, they have a product liability problem (all the legalese notwithstanding). Ultimately, vendors may get sufficiently embarrassed to build software correctly, so that these vulnerabilities cannot occur. In contrast, does Apple have fewer vulnerabilities because fewer people are attacking (an admittedly smaller surface) or because there's a better job being performed keeping the software coherent and clean?

