Re: So whats up with the 11.2 java security hole?

From: John Hurley <>
Date: Mon, 8 Feb 2010 11:18:46 -0800 (PST)
Message-ID: <>

On Feb 8, 10:52 am, "Vladimir M. Zakharychev" <> wrote:

snip ...

> [rant]
> Well, the weekend's over, been 4 (if I didn't miscalculate) days since
> disclosure and guess what - no alert from Oracle still. Neither public
> at, nor
> paying-customer-only at MOS, nor on their security blogs... Even a
> simple acknowledgment that they are aware and are working on a fix
> would do at this point... Do they think that if they just ignore the
> threat it will eventually go away? Or are they too busy rebranding Sun
> sites and cleaning up after CVE-2010-0073? (this one's a nice BEA
> heritage, full-fledged user-friendly backdoor, even no need to compose
> and inject shellcode to instantiate one of your own...)
> [/rant]

It does seem quite curious doesn't it.

No worries though because Mary Ann has our back right?

How long until the auditors start asking questions ( as they are supposed to do )? Received on Mon Feb 08 2010 - 13:18:46 CST

Original text of this message