Serious security flaw in JAVA

[jos]

The latest version of Java, 1.8, has a major zero-day security flaw that hackers are actively using. In this case, the hackers are a group called Pawn Storm, and they're specifically targeting NATO members and an unnamed U.S. defense organization.

 

However, just because Pawn Storm is using this flaw for targeted attacks doesn't mean you won't get caught up in it. Once other hackers figure it out, they'll use it to target anyone they can.

 

Like most Java flaws, the attack relies on directing a victim to a malicious site. The site triggers Java in the browser and uses the security flaw to run hacker-created code that takes over the computer or forces it to download viruses.

 

 

 

JAVA had huge security flaws back in 2013. Then the developers cleaned up JAVA and it has been 2 years since an attack like this occured. Adobe flash dethroned JAVA for such attacks ever since..

 

Source: http://www.komando.com/happening-now/316281/serious-security-flaw-disable-java-now/2

[Nowak]

Another Java security flaw? No way!

[ObeseWalrus]

Java is one big security flaw...

[DarkEnergy]

Nothing new here.

[pspfreak]

Hey, if you see a java popup, READ WHERE IT CAME FROM! DONT JUST FUCKING CLICK RUN. Done. Problem solved.

[Syntaxvgm]

I just remember everyone, just a few years ago, saying learning java was the way to go for career seekers, and that's where the jobs would be

 

 

 

 

and called me stupid when I said that wasn't gonna happen 

[patrickjp93]

One more reason everyone should just build in C++. It's easier to build security if everyone's just using one language anyway.

[Suffokation]

Why do Java programmers need glasses?

Because they can't C#.

( ͡° ͜ʖ ͡°) 

[patrickjp93]

I just remember everyone, just a few years ago, saying learning java was the way to go for career seekers, and that's where the jobs would be

 

 

 

 

and called me stupid when I said that wasn't gonna happen 

Oh it's still happening. With Hadoop batch jobs Java is still the way to go until Google allows C++ executables. The reason they don't is without transactional memory they fear someone could expose their OS and all the secret sauce hiding behind the obscurity provided by their custom JVM and Python Virtual Machine.

[patrickjp93]

Why do Java programmers need glasses?

Because they can't C#.

( ͡° ͜ʖ ͡°) 

As a programmer myself who hates .NET... BOOOOOOOOO! HISSSSSS!

[AlwaysFSX]

So surprising.

[jos]

Hey, if you see a java popup, READ WHERE IT CAME FROM! DONT JUST FUCKING CLICK RUN. Done. Problem solved.

 

 

 The problem is this flaw java to run in background without asking....

[Syntaxvgm]

Oh it's still happening. With Hadoop batch jobs Java is still the way to go until Google allows C++ executables. The reason they don't is without transactional memory they fear someone could expose their OS and all the secret sauce hiding behind the obscurity provided by their custom JVM and Python Virtual Machine.

I guess. 

I just don't think people in the 2007-2009 and a little later area really though the web applet side of java would die off as much as it did. 

[Syntaxvgm]

Hey, if you see a java popup, READ WHERE IT CAME FROM! DONT JUST FUCKING CLICK RUN. Done. Problem solved.

you can make it not do that...again 

[SImoHayha]

Jeez I bet java feels like Canadians unlocked doors everywhere.

[Delusional Phil]

Shocking ... 

[Virtual01]

In other news: Pope still catholic, sun confirmed "very hot".

[Beskamir]

And this is why I hate and will continue to hate Java. I wish more people could use actual languages and we wouldn't have to rely on horrible abominations like Java.

[evilarceus]

Aaand what about 1.7?

[NateGSR117]

Why am I not surprise

[LAwLz]

I just remember everyone, just a few years ago, saying learning java was the way to go for career seekers, and that's where the jobs would be

 

 

and called me stupid when I said that wasn't gonna happen 

Well you were wrong and they were right. Java is the best in terms of actually getting you a job. Most used/requested rarely translates to actually being the best in terms of performance/security/cost though.

 

 

Oh it's still happening. With Hadoop batch jobs Java is still the way to go until Google allows C++ executables. The reason they don't is without transactional memory they fear someone could expose their OS and all the secret sauce hiding behind the obscurity provided by their custom JVM and Python Virtual Machine.

What secret sauce? AOSP is open source.

And what Python VM? As far as I know Android doesn't have a Python VM in it. It's all Java as far as the apps goes (even when you use the NDK you still need a Java program to call your C/C++ code).

[patrickjp93]

Well you were wrong and they were right. Java is the best in terms of actually getting you a job. Most used/requested rarely translates to actually being the best in terms of performance/security/cost though.

What secret sauce? AOSP is open source.

And what Python VM? As far as I know Android doesn't have a Python VM in it. It's all Java as far as the apps goes (even when you use the NDK you still need a Java program to call your C/C++ code).

Google's Cloud Computing is not remotely open source.

[LAwLz]

Google's Cloud Computing is not remotely open source.

But what does that have to do with anything? I am not following you at all at the moment.

How would C/C++ on Android leak the "secret sauce" for whatever software Google runs on their servers?

[patrickjp93]

But what does that have to do with anything? I am not following you at all at the moment.

How would C/C++ on Android leak the "secret sauce" for whatever software Google runs on their servers?

I think you missed something critical. When I say knowing Java is still hugely useful for getting a job, I mean lots of the computing done by large businesses today involves map-reduce jobs of big data collections for later analysis. The most common platform for this is Google's Hadoop which doesn't allow C++ interface due to the fact it could expose the operating system in the right hands. That operating system and the libraries Google has built in are some of the major underpinnings for a lot of its infrastructure, basically its trade secrets.

[LAwLz]

I think you missed something critical. When I say knowing Java is still hugely useful for getting a job, I mean lots of the computing done by large businesses today involves map-reduce jobs of big data collections for later analysis. The most common platform for this is Google's Hadoop which doesn't allow C++ interface due to the fact it could expose the operating system in the right hands. That operating system and the libraries Google has built in are some of the major underpinnings for a lot of its infrastructure, basically its trade secrets.

Oops sorry yeah I misunderstood you. For some reason I thought you were talking about Android.