Screaming Penguin - Source Does Matter

Sun plugs serious holes in Java

Very alarming - with a headline like that and then a bold intro that reads:

Sun Microsystems has fixed five security bugs in Java that expose computers running Windows, Linux and Solaris to hacker attack.

What are the \"security bugs in Java\" which leave various OS machines exposed to \"hacker attack\".

There are flaws and they do affect the JRE and JDK but they dont exactly expose all computers with Java to \"hacker attack !!! run away run away!!!!!!\".

Reading the first of the vulnerabilities, line one is - \"Security Vulnerabilities in the Java Runtime Environment May Allow an Untrusted Applet to Elevate Its Privileges\".

So we have gone from any machine to any machine which loads an untrusted applet in a web browser via the Internet (an action which the user must initiate).

Another of the vulnerabilities relates to JMX.

Basically a normal user who might run say Azareus or LimeWire or or another local Java app on a user machine is not affected. People that run applets via their browser are most vulnerable yet in this century not many browsers run untrusted applets without several layers of clicking yes are you sure or specifically modifying settings to allow anything.

The actual risk here is trivial. Far from the hyperbolic headlines at news.com. It requires a malicious applet, and if you are hitting malicious applets you are in serious jeopardy anyway \"flaws\" or not.

Dont get me wrong, stuff is broken and there are bugs and updates are advised, its just that a \"tech\" oriented place like news.com should really do a better job of reporting facts and not just pulling a USA Today style \"hackers are going to get you - waaatchhh ouuuuttt!\".