Day after patch, Java zero-day sold to highest bidders


With exploit sold for $5,000 via cybercrime forum, experts double down on calls for consumers to uninstall the software

Duane Tilden’s insight:

“Java is fundamentally broken because it is built upon a broken promise: That it runs in a protected sandbox which somehow protects the user,” Krebs told CSO Online on Wednesday.

Sunday’s patch was an effort to quiet a firestorm of criticism and calls, not only from a majority of security experts but even from the Department of Homeland Security (DHS), for consumers to disable Java on their PCs.

This latest report intensified some of those calls, but also drew a bit of pushback, although not in the form of any major defense of Oracle. Simon Crosby, […] banning or disabling Java would not solve the problem. “Humans develop buggy code — […] they can all be subverted,” he wrote. “Moreover, many users (and businesses) depend on Java … banning it would severely impact my ability to work.”

Crosby wrote that “micro-virtualization” can solve the problem with Java and other insecure applications with “hardware isolation to enforce ‘need to know’ on a per-task basis on the endpoint.”
