Post by sherlew99 on Sept 17, 2013 10:20:00 GMT -6
Oracle Java fails at security in new and creative ways
by Chester Wisniewski on September 17, 2013
Oracle's concept is that enterprises who have a certificate for signing Java applets will be able to sign a policy for their outdated applets that allows them to continue to operate insecurely, even if the device is running a more modern version of Java that prohibits these behaviors.
Wow.
What a dream for attackers who deliver malicious applets as a means of delivering malware to your PC/Mac.
It's a way to disable security warnings that in no way deters cybercriminals, but is too complicated for most organizations to manage and deploy.
This feature of course offers no security benefits at all to normal Java users and arguably very little for corporate customers.