The Java Nightmare

From: Ken (SHIELDSIT)18 Jan 2013 20:31

To: ALL1 of 20

Can someone much smarter than me answer this question?

Q: Since all this mess with Java is coming out, does it effect Android? Android is all Java isn't it?

Reply

0/0

From: johngti_mk-ii18 Jan 2013 20:58

To: Ken (SHIELDSIT) 2 of 20

40253.2 In reply to 40253.1

What mess?

Reply

0/0

From: Ken (SHIELDSIT)18 Jan 2013 21:02

To: johngti_mk-ii 3 of 20

40253.3 In reply to 40253.2

You haven't heard of the big security mess with Java in the last couple of weeks? I'm on my phone or I'd find some links. But Google and you'll see.

Reply

0/0

From: johngti_mk-ii18 Jan 2013 21:52

To: Ken (SHIELDSIT) 4 of 20

40253.4 In reply to 40253.3

The most I know about the current state of java is that the bastard keeps asking me to update it whenever I turn our increasingly shit laptop on. And that's after I told it not to. The fucker.

Reply

0/0

From: Ken (SHIELDSIT)18 Jan 2013 21:55

To: johngti_mk-ii 5 of 20

40253.5 In reply to 40253.4

If you don't use it uninstall it. No shit and no kidding. It's a fucking mess. I'm home now so let me find you a few links.

Reply

0/0

From: Ken (SHIELDSIT)18 Jan 2013 22:07

To: johngti_mk-ii 6 of 20

40253.6 In reply to 40253.4

Here is an article.
Here is another article after it was patched.

You really haven't heard about this?

Reply

0/0

From: johngti_mk-ii18 Jan 2013 22:10

To: Ken (SHIELDSIT) 7 of 20

40253.7 In reply to 40253.6

Nope. I'm ridiculously uneducated in terms of anything computer based now.

Reply

0/0

From: Ken (SHIELDSIT)18 Jan 2013 22:16

To: johngti_mk-ii 8 of 20

40253.8 In reply to 40253.7

OK, well if you don't need it for anything the best thing is to remove it.

Reply

0/0

From: CHYRON (DSMITHHFX)19 Jan 2013 03:23

To: Ken (SHIELDSIT) 9 of 20

40253.9 In reply to 40253.1

http://en.wikipedia.org/wiki/Comparison_of_Java_and_Android_API

Reply

0/0

From: Ken (SHIELDSIT)19 Jan 2013 04:01

To: CHYRON (DSMITHHFX) 10 of 20

40253.10 In reply to 40253.9

I appreciate the link, and I read it, but it makes no sense to me. I've tried to learn java and made a few android apps, but I still don't get it. My brain isn't wired correctly to use that kind of language. I'm more at home with php or cfml.

Reply

0/0

From: CHYRON (DSMITHHFX)19 Jan 2013 16:41

To: Ken (SHIELDSIT) 11 of 20

40253.11 In reply to 40253.10

My point is that Android's dalvik isn't java (though obviously a very similar, and arguably derivative work). So it may not be subject to the particular security vulnerabilities that were recently uncovered.

Reply

0/0

From: Mouse22 Jan 2013 12:22

To: Ken (SHIELDSIT) 12 of 20

40253.12 In reply to 40253.1

Hopefully someone with more clevers can correct or corroborate, but it's Java running as a plugin within a browser that has security issues. Stand alone things written in Java aren't as hackworthy, so Android and indeed things like Minecraft are OKish.

Reply

0/0

From: Matt22 Jan 2013 13:38

To: Mouse 13 of 20

40253.13 In reply to 40253.12

The browser plugin is just the attack vector.

The security flaw (or flaws, because another has been found) exists in Java whether you use it stand-alone or via a browser plugin.

To be able to affect people who do not have the plugin installed you would need to get them to download the JAR file containing the exploit and run it locally, which while not impossible is a lot harder to do compared to hosting the exploited code on a website and sending people a link to it.

Reply

0/0

From: Ken (SHIELDSIT)22 Jan 2013 14:21

To: Matt 14 of 20

40253.14 In reply to 40253.13

You could embed it in the bee logo. Then you can have your own personal botnet.

Then, I think, you should use that botnet to make posts to forums.

Reply

0/0

From: ANT_THOMAS22 Jan 2013 14:29

To: Ken (SHIELDSIT) 15 of 20

40253.15 In reply to 40253.14

Selling kitchens and bags.