back to article Surprised? Old Java exploit helped spread Red October spyware

Unpatched Java installations may have helped spread the malware responsible for the recently uncovered "Red October" cyber-spying campaign, researchers at Seculert have revealed. Kaspersky Labs first disclosed the existence of Red October on Monday, claiming that the program had been responsible for attacks on systems in …

COMMENTS

This topic is closed for new posts.
  1. adnim
    Unhappy

    I wish

    I was smart enough to develop a website with all the usefulness and functionality of a site coded with html, css, ajax, javascript and php in html, css and php only.....

    One that would satisfy the expectations of the consumer user.

    1. Zaphod.Beeblebrox
      Meh

      Re: I wish

      BTW this is about Java, not javascript.

    2. graham_
      Thumb Up

      Re: I wish

      hahaha..I wish you was smart enough to read.

  2. Zaphod.Beeblebrox
    Unhappy

    And the company I work for still resolutely refuses to remove Java from internal systems and from the systems we sell to our customers.

    X <-- Bang head here.

    1. MrT

      Shouldn't that be...

      X X

      \/

      ...bang head*s* here, Zaphod, cool frood?

      1. Zaphod.Beeblebrox
        Alien

        Re: Shouldn't that be...

        Zarquon man, you have a point!

    2. Destroy All Monsters Silver badge
      Headmaster

      > refuses to remove Java

      > not even talking about the plugin

      Maybe you are not entirely sure what you talking about, son?

  3. nuked

    "SURPRISED? OLD JAVA EXPLOIT HELPED SPREAD RED OCTOBER SPYWARE"

    No.

  4. Anonymous Coward
    Anonymous Coward

    inconvenient information omitted?

    I guess that the fact that the fix to the latest zero day that was mentioned being available over the weekend would have been counter to the authors assertion that oracle is slow to release java fixes, so it was conveniently omitted?

  5. Synja

    Java in and of itself is not the problem

    Once again, the problem is people running untrusted code in a trusted environment, even if it's accidentally. You don't run client side code unless you know the source. Java applications are no more inherently dangerous than applications written in any other language. The same risks apply to running Javascript, ActiveX, VBS, or any other client side code within a browser.

    1. Jamie Jones Silver badge

      Re: Java in and of itself is not the problem

      > the problem is people running untrusted code in a trusted environment,

      That's the point - the java plugin is meant to be sandboxed - it's due to bugs that programs escape the sandbox,

      Similarly, all the others are meant to be restricted in what they can do, or again, sandboxed from the main system

  6. Anonymous Coward
    Anonymous Coward

    "Java applications are no more inherently dangerous than applications written in any other language"

    Good luck telling that one to an applet busy shitting on your browser.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022