Thursday, January 10, 2013

Insecure Mess

The mess is not (as some might imagine) us, or anyone we've dated, but Oracle's Java.
"Java is a mess. It's not secure," said Jaime Blasco, Labs Manager with AlienVault Labs. "You have to disable it."
Off w/ its head!

Also, too.

5 comments:

BadTux said...

There is no such thing as a secure computer programming language. There is only secure programs, and insecure programs. The problem with Java is that people enable it in their web browsers, which in turn allows strangers to run programs on your computer. Which is sort of like allowing random strangers you run into at sleazy bars to have sex with you... sure, it might be entertaining, but eventually you're gonna catch something nasty even if you're using protection.

- Badtux the Geeky Penguin

OBS said...

Yeah, the Java plugin in the browser is just stupid. I write lots of Java. I don't write, and I don't know anybody else that writes Java that needs the browser plugin anymore -- that's so 1998.

Substance McGravitas said...

Disabled Java is still a headache on certain sites, this the NoScript. Which is its own headache.

BadTux said...

Substance, do not confuse Java and JavaScript. Java is needed for very few sites. The scripting language turned off by NoScript, "JavaScript", whose proper name is ECMAScript (the term "JavaScript" is a trademark of Sun Microsystems/Oracle that they apply to their version of ECMAScript and cannot be used without their permission), has nothing to do with Java -- it is an entirely different computer language with entirely different problems.

bjkeefe said...

Apple just blacklisted Java on OS X, in case you haven't heard.

I have not had Java (or at least the browser plugin) installed on any of my PCs since forever plus four months, and I still can't think of any site that I visit where that's been an issue at all.