Submitted by Sun Microsystems has fixed five security bugs in Java that expose computers running Windows, Linux and Solaris to hacker attack. In the meantime Apple also released a Mac OS X security update for apache_mod_ssl, CoreFoundation, CoreTypes, curl, iodbcadmin, OpenSSL, Safari, sudo, syslog. Elsewhere, computer code posted can crash vulnerable Windows machines by exploiting a “critical” Windows flaw disclosed and patched by Microsoft in October.
Sun Plugs Java Holes; Apple Security Updates; Windows Flaw
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
It’s interesting that the article covers patches from Sun and Apple, but fails to note that the Windows flaw has also been patched.
Hehe, wow, a news about month old ‘critical Windows flaw’. If the thing was patched why bother?
Because now some code was posted showing how to use that flaw. Thing is, many people still don’t upgrade regularly.
I understand that completly, but the thing i don’t understand is why it’s so “NEWS for OSNEWS”. Many others oses has flaws and were patched (lets leave out people who patched/didnt patched it) and nobody writes about that. I’m getting a feeling that somebody just wants to post something regard that he is payed, rises he’s recognition or sth. Well, it just pis**s me off.
Well, news.com did a story about it and it was well done. I made the decision of adding to an existing security-related story. If the rest of the security news were not published today, that one wouldn’t either. We try to avoid security news because both Thom and myself find them very boring. But today we had 2 of them, plus a news.com article about another one, and so we put them all together. There is nothing more or less to it. It’s just a security news update on stuff.
>just wants to post something regard that he is payed, rises he’s recognition or sth
I have no clue what you are saying here. This is not english.
I never see Thom posting such obvious anti-Windows flamebait … why does Eugenia?
People, operating systems aren’t perfect. Deal with it.
I’ve been running JRE 1.5 05, which is two minor revisions above the vunerable ones.
Isn’t this old news as well? Did you get stuck in a time warp?
It’s because some people don’t update regularly or not at all, as Eugenia pointed out.
I think most posters here at OSN have tried to clean up an infected system for our non-geek friends.
I don’t know what could be done to learn people how to protect their systems properly, since they just skip pass whatever you bring up on the desktop.
I think most posters here at OSN have tried to clean up an infected system for our non-geek friends.
For the most part, I don’t do that anymore. I just tell them what to do (don’t use Internet Explorer, regular Windows update, etc) and if they don’t do what I tell them to do, I don’t help them. Why not? It’s kind of like cleaning up after a dog who sh*ts on the floor. Unless you potty train him, he’s just going to do it all over again. And some end user refuse to be potty trained
You speak of flamebait with a name like that? Seriously dude, not to be insulting or anything, but that does generate a definite air of hypocrisy.
My name is more in jest than anything else. It only gets the most emotional of Linux zealots riled up, and then the fun begins! 😀
In other words, you freely admit that you’re a troll. Do you realize how immature this is? Do you realize that it makes impossible to take you seriously?
Why not contribute to the debate in a constructive, rather than constantly seek confrontation?
Of course I’m a troll — but that doesn’t mean I don’t have knowledge to share or interesting questions to ask.
You’re quite possibly the most closed-minded person I’ve come to know here. Is it comfortable so high up on that horse of yours?
Its good to raise awareness … since exploit has been made public. I’m sure some still run older VMs.
Its better to give everyone chance to upgrade, than face the scenario where people become victims.
True; the best way to improve security is be constantly on the back of end users, reminding them to update – like I say to all the people whose computers I fixed up – defrag regularly and check updates once a week; if you check atleast once a week, you avoid a massive download and most importantly, you keep your system as up to date as possible.
On, and in regards to the MacOS X update; I’ve got more software than one can shake a stick at on this laptop and iMac G5 – everything is working perfectly.
If you do have problems then the most likely cause are crappy third party hacks, cracks, work arounds etc. or software you haven’t patched with the latest updates.
Edited 2005-11-30 03:42
I love Linux Is Poo’s posts…there are zealots everywhere. When will people realize that software is a completely artifical construct…artificial science and hence inherently flawed! So stop getting all riled up people! We all know Windows is flawed…so is Linux and so is OS X and so is anything else.
> When will people realize that software is a completely artifical construct…artificial science and hence inherently flawed!
My point exactly. I have discussed this on numerous occasions. The people I write software for make decisions to leave buggy code in place, or unreadable code in place. Why? Because it would be too much risk to make changes. When you have clients, and the software has passed 98% of the tests; the current customers and bosses and marketing all get nervous if you propose changes. It’s flawed socially, not technologically.
I would disagree with you about the “inherently flawed” part. It’s only inherently flawed because we make it so. It depends on what the software is trying to accomplish. Do you think your calculator is flawed? Can you prove mathematically that it is (without talking about precision)? Software is also flawed sometimes because hardware is flawed. Why do I still have to program in the A20 line checks on x86 boxes? Bah, it’s all flawed, but not inherently.
Plus, I spend all my time trying to convince others that some features are needed. My classic quote is, “We can do that, it’s just software. It takes time, sure. It’s possible though, just schedule it in.”
I can’t wait till I write my own software from the ground up, at least then someone else can complain about wanting to make changes.
Of course, I work in big teams, I’ll have to join/start a small company for that.
Perhaps this refers to the fact that most software is not proven to be correct in a mathematical sense. Indeed most software development tools do not allow you to prove a program is correct, Worms and Viruses make use of unintended side effects. Perhaps pure functional languages would help the gifted to write correct software. So maybe the problem is that we have enabled average people to write average systems – when we should have spent the money getting exceptionaly clever people to write provably correct software with these hard to use functional languages instead.
Browser: Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240×320)
Regardless his defense is flawed. He chose the name to elicit a response and it worked. It does distract to no constructive purpose though, except to give him the attention he craves.
When half your posts are about your name and not the story then you are trolling for attention. Granted in a more subtle way than most.
Kokopelli
Browser: ELinks/0.10.5 (textmode; FreeBSD 6.0-RELEASE i386; 80×25-0)
may we consider every construct vulnerable, hackable, mallable.
therefore, there never is air tight securtiy
this catering to the huge exchange of business is preoccupying everyone with security.
Free the internet. Make no purchases there!
…at least not as much as this one:
http://secunia.com/advisories/15546/
Still unpatched, and can give let a malicious web page compromise a Windows machine that views it with Internet Explorer. From the Secunia advisory:
“The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2…”
Now I’ve got to warn all my Windows-using “family clients” to disable Active Scripting. Grrr…
Of course I’m a troll — but that doesn’t mean I don’t have knowledge to share or interesting questions to ask.
Too bad you choose not to. All you’re interested in is confrontation. Who wants to learn something from someone whose idea of fun is provoking people? Who’s interested in giving answers to someone whose idea of debate is limited to strawman arguments and ad hominem attacks.
You’re quite possibly the most closed-minded person I’ve come to know here. Is it comfortable so high up on that horse of yours?
Me? Close-minded? That’s really funny…you call out a troll for what he is, and then he calls you close-minded.
I’ve always been able to put forth my arguments in a reasonable manner, trying as much as possible to refrain from personal attacks (unlike you) and to keep a rational discourse.
I understand why you feel the need to attack me. After all, I’ve called you out for what you are (so much that you now admit it, while you were still denying it just a couple of days ago).
Carry on with your personal attacks. I’ll continue contributing to these comments section, I’ll continue to use Linux and Windows and express my opinion about both, debate with rational people, and call out trolls when I see them. I suggest you get your act together and start doing something more constructive than trolling.