Re: So whats up with the 11.2 java security hole?
Date: Mon, 8 Feb 2010 07:52:14 -0800 (PST)
On Feb 7, 2:47 am, John Hurley <johnbhur..._at_sbcglobal.net> wrote:
> Based on David Litchfield ...
Well, the weekend's over, been 4 (if I didn't miscalculate) days since disclosure and guess what - no alert from Oracle still. Neither public at http://www.oracle.com/technology/deploy/security/alerts.htm, nor paying-customer-only at MOS, nor on their security blogs... Even a simple acknowledgment that they are aware and are working on a fix would do at this point... Do they think that if they just ignore the threat it will eventually go away? Or are they too busy rebranding Sun sites and cleaning up after CVE-2010-0073? (this one's a nice BEA heritage, full-fledged user-friendly backdoor, even no need to compose and inject shellcode to instantiate one of your own...) [/rant]
Vladimir M. Zakharychev
N-Networks, makers of Dynamic PSP(tm)
http://www.dynamicpsp.com Received on Mon Feb 08 2010 - 09:52:14 CST