Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.

- Archives - 2004-06-13 2004-06-20 2004-06-27 2004-08-29 2004-09-05 2004-09-12 2004-09-19 2004-10-10 2004-10-24 2004-11-07 2004-11-28 2004-12-05 2004-12-12 2004-12-26 2005-01-30 2005-02-06 2005-03-06 2005-03-13 2005-03-20 2005-04-03 2005-04-10 2005-04-17 2005-04-24 2005-05-01 2005-05-08 2005-05-15 2005-05-29 2005-06-05 2005-06-12 2005-06-19 2005-06-26 2005-07-10 2005-07-17 2005-07-31 2005-08-28 2005-10-09 2005-10-16 2005-10-23 2005-11-13 2005-11-27 2005-12-04 2005-12-18 2006-01-08 2006-02-05 2006-02-12 2006-02-19 2006-03-05 2006-03-12 2006-03-26 2006-04-23 2006-04-30 2006-07-16 2006-07-30 2006-08-06 2006-09-03 2006-10-08 2006-10-22 2006-10-29 2006-11-26 2006-12-10 2007-01-28 2007-02-04 2007-02-11 2007-03-11 2007-03-25 2007-04-08 2007-06-03 2007-06-10 2007-06-17 2007-07-01 2007-07-08 2007-08-19 2007-09-30 2007-10-07 2007-10-21 2007-11-04 2007-11-11 2007-11-18 2007-11-25 2008-01-27 2008-02-03 2008-02-10 2008-02-17 2008-02-24 2008-03-09 2008-04-06 2008-05-18 2008-05-25 2008-06-01 2008-06-08 2008-07-13 2008-08-10 2008-08-24 2008-08-31 2008-09-07 2008-10-05 2008-12-28 2009-05-10 2010-04-25


Blog Feed

Recent Items
 
Open Source: Shrinking the Trust Surface
 
Open-Source: How Trustworthy, How Secure?
 
Trustworthy Software Security: How Do We Get There...
 
Zombie Planet: Spam and Phish Egg Harvesting
 
Lost in Twisty Overlays All the Same: Peer Pressur...
 
To Engineer is to Tinker?
 
A Feed Too Far
 
Security is a Programming Problem?
 
Ending the Madness: Deja Triple Vu
 
Your%20Message%20Here

  

visits to Orcmid's Lair pages

The nfoCentrale Blog Conclave
 
Millennia Antica: The Kiln Sitter's Diary
 
nfoWorks: Pursuing Harmony
 
Numbering Peano
 
Orcmid's Lair
 
Orcmid's Live Hideout
 
Prof. von Clueless in the Blunder Dome
 
Spanner Wingnut's Muddleware Lab (experimental)

nfoCentrale Associated Sites
 
DMA: The Document Management Alliance
 
DMware: Document Management Interoperability Exchange
 
Millennia Antica Pottery
 
The Miser Project
 
nfoCentrale: the Anchor Site
 
nfoWare: Information Processing Technology
 
nfoWorks: Tools for Document Interoperability
 
NuovoDoc: Design for Document System Interoperability
 
ODMA Interoperability Exchange
 
Orcmid's Lair
 
TROST: Open-System Trustworthiness

 

Uh Oh: Time to Refresh Java

F-Secure : New Java Applet Trojan.  2004-09-21: I've been slugging away building a Java development setup for the great Numbering Peano escapade.  One part of demonstrating the grounding of code includes providing an account of the tools I used and the version of Java (J2SE 1.4.1 SDK 1.4.1_02) that you can confirm my tests with.  I already knew that this build isn't supported any longer, and I was going to refresh anyhow as part of my XPSP2 upgrade, but now I've got a new problem:  Security exploit against the Sun Java Runtime.  Yippy Skippy.  OK, after I send in my proposal to commence my M.Sc in IT Dissertation Project, I will do a refresh to the nearest higher-numbered release that doesn't have this flaw and reconfirm the little bit of code that I am using so far. The Sun Alert Notification is one year old, and the apparent reason that F-Secure mentions it now is because there is an exploit in the wild.  Dangnabit. Then I need to check other Java Security Bulletins to see what else there is to upgrade beyond.  Ah hah.  Okey dokey.

It looks like I need to be at 1.4.2_05 at least

Java Runtime Environment May Allow Untrusted Applets to Escalate Privileges.  2004-09-21: Well, here's another vulnerability, in J2SE 1.4.2_04 and earlier (and some 1.4.1 and 1.4.0 builds too), so I might as well move higher.  According to the 2004-08-02 bulletin, the safe move is upgraded t0 1.4.2_05.  We'll just have to see about that.  And now that I have delayed putting these clippings in my face where it will do some good, I must remember to get the latest information, again before I download updates.  Oh, woe is me ...

¶ posted by orcmid at 10/28/2004 11:43:00 PM

  <$BlogBacklinkTitle$>  

<$BlogBacklinkSnippet$>
posted by <$BlogBacklinkAuthor$> at <$BlogBacklinkDateTime$>