This discussion is archived
3 Replies Latest reply: Oct 19, 2012 1:15 AM by gimbal2 RSS

javas latest security woes

873216 Newbie
Currently Being Moderated
I love Java but I'm sick of Oracles sloppy security. Seems every few months we hear about another exploit. The latest may be the worst. But I need java on my web site. I just don't see any alternatives. Javascript is too limited. So is actionscript.
I don't yet know anything about HTML5 but I doubt it has the power of Java. And I need applets that will run on Windows, OSX, and Linux. That narrows my choices down to 1 language, Java.
Is there an alternative Java Plugin I can encourage my users to install that is more secure than the one from Oracle?
Thanks
  • 1. Re: javas latest security woes
    Kayaman Guru
    Currently Being Moderated
    apchar wrote:
    I don't yet know anything about HTML5 but I doubt it has the power of Java.
    It's quite powerful. Even more powerful than Java applets, depending on what you're doing.
    Is there an alternative Java Plugin I can encourage my users to install that is more secure than the one from Oracle?
    You could try the openjdk plugin.
  • 2. Re: javas latest security woes
    969460 Newbie
    Currently Being Moderated
    I just scan my PC (Windows7) by Microsoft Security Essentials and for the first time it returned with the following result:
    Exploit:Java/CVE-2012-1723.AIH
    Exploit:Java/CVE-2012-1723.AHS
    Exploit:Java/CVE-2012-1723.AIG
    Exploit:Java/CVE-2012-1723.AHP
    Exploit:Java/CVE-2012-1723.AGZ
    Exploit:Java/CVE-2012-1723.AHZ

    Any Exploit have sited to:
    containerfile:C:\Users\Samsung\AppData\Local\Sun\Java\Deployment\cache\6.0\48\56dd1c70-7811d4ad
    file:C:\Users\Samsung\AppData\Local\Sun\Java\Deployment\cache\6.0\48\56dd1c70-7811d4ad->magica/magicb.class

    M.S:E. evaluate Higt Dangerouse the Exploit and the action maked was to remove the Exploits.

    Is it true positive Exploit or is it false-positive Exploit?
    Can the attacker confonding Us for necessary update of Java and injecting Malware?

    Oracle seem do not have any address for reporting thi accidents!
  • 3. Re: javas latest security woes
    gimbal2 Guru
    Currently Being Moderated
    966457 wrote:
    Oracle seem do not have any address for reporting thi accidents!
    They do, when you are a paying customer.

    This is a programming forum, Google is a better place to look for information about possible exploits.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points