Oracle effectively disables Java in all browsers?

Apparently, the latest patch of the Java security vulnerabilities is not so secure itself:

[quote]Security Explorations, the Polish security startup that discovered the Java SE 7 vulnerabilities that have been the targets of recent web-based exploits, has spotted a new flaw that affects the patched version of Java released this Thursday.
[/quote]
Unfortunately, these flaws means that people are recommended in many places and news items these days to uninstall java from their systems:

[quote]For the time being, given the apparent similarity of this flaw to the ones previously reported, users are advised to either disable Java in their browsers or uninstall it completely to avoid falling prey to any future exploits.
[/quote]

That’s not so good for Java Gaming :clue: I guess I have to start looking at how to embed a Java runtime in an application…

Indeed, it doesn’t affect me one bit. But this is just what I’ve been telling people to do for 10 years now, quietly ignored in the background

Cas

No more applet?

I think they’ve misunderstood the concept of a “sandbox”. It’s supposed to have walls. Without walls, all the filth of the internet spills into your computer.

Ah-HA! This is Oracle’s Master Plan ^™ to force users off of Java 7, paving the way for their new pay-only Java 8! :

Does OpenJDK suffer the same issues?

[quote]Does OpenJDK suffer the same issues?
[/quote]
OpenJDK may has same security issue, but they don’t tell ppl to uninstall.

Seen this latest one in the Register yet? This time, it’s Java 6.

Huh, did I hear a whisper in the background?

…

I’m hearing you ;D

Well, if they did that, they’d pretty much kill off Java on the desktop. Nobody will pay for java. Plenty of other free alternatives.

Yeah well, I was kidding you see.

Just read the Register article. This looks grim. I wonder why Oracle or the OpenJDK devs are not jumping on this, even if the issue is eventually fixed, failing to provide a quick solution could result in enough user backlash to effectively kill Java.

Edit: Interesting. Firefox automatically disables the outdated Java plug-in.

Out of curiosity, what free alternatives? The closest thing is just Qt.

IMHO. The alternatives on their current state now are not match to what whole Java gained so far. But in the time of Java falling time? who knows.

I keep my fingers crossed that OpenJDK somehow kicks regular Java in the teeth and becomes the default Java API… Guess I’m being naive or something.

OpenJDK is the official java development branch and is what Oracle’s JDK is built on.

Or did you mean the IceTea plugin? That might not be susceptible by way of being broken in general.

What? My understanding was that OpenJDK was a spin-off using the Java source intending to implement an alternative to Oracle’s Java.

Mine too. But I think, BY NOW, its official.

reads a bit I see.

No Windows OpenJDK distribution? :clue: I guess you could compile your own.

How do these exploits affect the majority of people who don’t visit dodgy websites?

It turns out that a significant number of people visit dodgy websites but won’t actually admit it to anyone.
It also turns out that other people living in your home network might visit dodgy websites and let something nasty into your house.
Or someone in the office might visit somewhere dodgy and the next thing you know every PC in the office is fuxx0red. Then someone takes his infected laptop home and plugs it in.

It’s a terrible situation and could really have done with patching within 24 hours of being noticed. Oracle have really screwed up.

Cas

Also these sort of things don’t usually spread by people intentionally visiting dodgy websites but by things like people receiving links in email which they click (or on Facebook or some other genuine site) . Once infected then the usual multiplication cycle begins i.e. the malicious app sends more links to the list of contacts on the compromised machine.