Nasty nuke-lab data-slurper EVOLVES, now feeds off new Java hole

A piece of malware linked to attacks against governments and organisations involved in hi-tech industries such as space exploration and nuclear power has been adapted to exploit a recently uncovered Java security flaw. NetTraveler has been outfitted to exploit a recently patched Java bug as part of a watering-hole-style attack …

COMMENTS

This topic is closed for new posts.
  1. John Smith 19 Gold badge
    Unhappy

    Another good reason to either not install or disable Java?

    If you don't need it you don't want it.

  2. Anonymous Coward

    Java?

    Just like Flash, enterprise systems should not be running Java for anything. Bloated, slow, full of security holes and the applications you get are written by little more than overpaid script-kiddies.

    I know, I've checked the code that comes through from potential suppliers. The absolute basics (such as message validation on a public interface) are left out and it's possible to blow the entire system up because of this. And then we get to the spelling mistakes in the message structures for systems that apparently passed QA. Seriously.

    "Java programmers". Pfft. Try "Pretend programmers"; it's closer to the mark.

    1. Anonymous Coward

      enterprise systems should not be running Java for anything

      Try telling that to IBM, EMC and Dell.. half of their management systems are written in Java, so Enterprises have little alternative but to use it!

      1. Anonymous Coward

        Re: enterprise systems should not be running Java for anything

        People still buy from EMC (excluding VMware and hardware for the moment) and Dell?

        IBM, at least, still has some proper programmers.

        And there is always an alternative: "I'm sorry, Java is a security risk I am not willing to take and for that price I'd prefer that the software was written by professionals".

        1. Mr Q

          Re: enterprise systems should not be running Java for anything

          Well, if not Java, what programming language and framework do you use then?

          1. Anonymous Coward

            Re: enterprise systems should not be running Java for anything

            That would all depend on what the software is supposed to do. Any properly trained programmer (i.e. cut their teeth in C) can code in just about any language.

            For a simple web app? Python or similar would do.

            Business logic? C#.

            A client application? C# again or Objective C (if on a Mac).

            For prodding hardware? Assembler, C or C++.

            Super-whizzo web GUIs with HTML5/CSS3 shenanigans? Various bits of JQuery for the UI, backed by ASP.net and C# business logic.

            There is no need to degrade systems with Java.

            1. Swarthy
              Paris Hilton

              Re: enterprise systems should not be running Java for anything

              So.. what do you recommend for business logic or "Super-whizzo web GUIs with HTML5/CSS3 shenanigans" if being rolled out in a *NIX environment? Mono?

              Don't get me wrong: I am not a fan of Java, the language is cumbersome and the current paradigm seems to lead to Dependency Hell (DLL Hell for you MS Developers); but .Net development ignores a large chunk of the web server market, and is not the only answer.

              1. Anonymous Coward

                Re: enterprise systems should not be running Java for anything

                "So.. what do you recommend for business logic or "Super-whizzo web GUIs with HTML5/CSS3 shenanigans" if being rolled out in a *NIX environment? Mono?"

                You use the platforms I mention - HTML5/CSS3 runs regardless of client OS (not that many people use *NIX clients).

                As for the server, pick the language that the server can run. If that's C#; great. If it has to be something else, great.

        2. This post has been deleted by its author

    2. Anonymous Coward

      Re: Java?

      While I don't doubt your analysis of the code, the sad truth is that too many vendors write too much code that requires Java. And all too often the front end is a browser.

      In the case of the people I have to support it gets worse. The programs using it are mandated by government policy and are used by the accounting department for handling money. And yes, one of them requires not just a browser, but IE8. Oh, Firefox and Chrome will probably run the code but ask for support from the dev team when something isn't working and they'll tell you they only support IE8.

      1. Anonymous Coward

        Re: Java?

        "Oh, Firefox and Chrome will probably run the code but ask for support from the dev team when something isn't working and they'll tell you they only support IE8."

        That's not a dev team - that's script kiddies. Hire professionals.

    3. Frumious Bandersnatch

      Re: Java?

      "Java programmers". Pfft. Try "Pretend programmers"; it's closer to the mark.

      Steady on. You'll be telling us they eat quiche next!

  3. pierce

    yeah, and html5 has no security holes, oh no.

    people never write bad python code, oh no.

    a client application written in C# will ONLY run on a MS Windows client, and one written in ObjectiveC will only run on a Macintosh. oh yeah, and .NET Framework (C#), gee, which version? Java at least has maintained a fairly high level of forwards compatibility.
