Just because the initial domain "is no longer alive" that doesn't mean that there won't be hundreds of other domains crop up as soon as the exploit starts selling on the black market.
Yes, this is a very serious threat and should not be taken lightly. I for one have reverted back to Java 6 u 34 as it is not (yet) vulnerable and if it were up to me completely I would uninstall Java totally.
My question is, for a product that claims to be used on 3 billion devices...why would Oracle ignore the fact that Java is one of the most attacked and exploitable software products in the world?
You would think that they would have a security team releasing "Zero Day patches" rather than working off of a quarterly update cycle.
I think that does its customers a great disservice. Oracle, if you have any sense you will start hiring people to monitor exploits and start releasing updates as soon as they surface if you want people to continue using your technology.
It's a good thing HTML5 and other web technologies are winning out with most companies these days, otherwise we would all be screwed.
Here are some additional articles that you might find interesting
956092 wrote: I'm sure someone has seen some issue. New versions are there with a reason: to fix stuff. And also screw up existing stuff of course.
I have had one client disable Java, thus disabling access to the application they need to use. Has anyone seen issues with lowering the Java version?
Give the thread up - it is not going anywhere because this is not Oracle support. All you'll get is wild speculation and heated emotional statements - neither of which are in any way useful or something you can quote. It's really a shame that Oracle keeps silent, but it's something we all have to live with unfortunately. This is certainly nothing new - not for Oracle and not for large multinational corporations in general.
It may be a User Forum but it is/has Oracle at the header of the page.
It is sponsored by Oracle and therefore it is incumbent on them to take note of the content even if it hurts.
As for the exploit, yes it is something to be concerned about and it is something Oracle should be advising Java users on as SOON as it is aware of an issue affecting end users' security.
They are responsible for the product regardless of price (it is 'sold' free of charge) and it still comes under Sale of Goods and Services regardless of any acceptance of agreement of use, it has to be fit for purpose.
Therefore they must be PROACTIVE in informing users of how to protect themselves and how long it will be before a patch is released. 6 months is UNACCEPTABLE!
It is sponsored by Oracle and therefore it is incumbent on them to take note of the content even if it hurts.
Assuming they read it. 'Even if it hurts' is irrelevant: mere phrase-making. You can rant all you like but you can't make Oracle read this. You're having enough trouble getting me to read it.
They are responsible for the product regardless of price (it is 'sold' free of charge) and it still comes under Sale of Goods and Services regardless of any acceptance of agreement of use, it has to be fit for purpose.
I doubt it. No payment, no contract, no sale. You should take that up with their lawyers, not this forum.
Instead of fantasizing in the wrong place about what Oracle should and should not do, I suggest you file a bug report.
Locking this thread.