Re: So whats up with the 11.2 java security hole?
Date: Mon, 8 Feb 2010 11:18:46 -0800 (PST)
On Feb 8, 10:52 am, "Vladimir M. Zakharychev" <vladimir.zakharyc..._at_gmail.com> wrote:
> Well, the weekend's over, been 4 (if I didn't miscalculate) days since
> disclosure and guess what - no alert from Oracle still. Neither public
> athttp://www.oracle.com/technology/deploy/security/alerts.htm, nor
> paying-customer-only at MOS, nor on their security blogs... Even a
> simple acknowledgment that they are aware and are working on a fix
> would do at this point... Do they think that if they just ignore the
> threat it will eventually go away? Or are they too busy rebranding Sun
> sites and cleaning up after CVE-2010-0073? (this one's a nice BEA
> heritage, full-fledged user-friendly backdoor, even no need to compose
> and inject shellcode to instantiate one of your own...)
It does seem quite curious doesn't it.
No worries though because Mary Ann has our back right?
How long until the auditors start asking questions ( as they are supposed to do )? Received on Mon Feb 08 2010 - 13:18:46 CST