Re: So whats up with the 11.2 java security hole?
Date: Mon, 8 Feb 2010 07:52:14 -0800 (PST)
Message-ID: <08aa1821-1587-4607-9471-497b78a50cfe_at_h2g2000yqj.googlegroups.com>
On Feb 7, 2:47 am, John Hurley <johnbhur..._at_sbcglobal.net> wrote:
> Based on David Litchfield ...
>
> http://www.computerworld.com/s/article/9151318/Black_Hat_Zero_day_hac...
[rant]
Well, the weekend's over, been 4 (if I didn't miscalculate) days since
disclosure and guess what - no alert from Oracle still. Neither public
at http://www.oracle.com/technology/deploy/security/alerts.htm, nor
paying-customer-only at MOS, nor on their security blogs... Even a
simple acknowledgment that they are aware and are working on a fix
would do at this point... Do they think that if they just ignore the
threat it will eventually go away? Or are they too busy rebranding Sun
sites and cleaning up after CVE-2010-0073? (this one's a nice BEA
heritage, full-fledged user-friendly backdoor, even no need to compose
and inject shellcode to instantiate one of your own...)
[/rant]
Regards,
Vladimir M. Zakharychev
N-Networks, makers of Dynamic PSP(tm)
http://www.dynamicpsp.com
Received on Mon Feb 08 2010 - 09:52:14 CST