post 59

By anders pearson 07 Aug 2000

i generally keep java turned off in netscape because it makes it crash too much, but now there’s a really good reason to keep it off. as far as i know, this is the first real exploitable hole in the java security model; there have been lots of holes found before but they were always along the lines of “well, this part doesn’t work quite how it should although we can’t figure out how anyone would actually exploit it; we’ll fix it anyway though.” it should be interesting to see how sun reacts; hopefully they’ll come up with an intelligent fix rather copy microsoft’s “ignore it and it will go away” attitude towards security holes cough back orifice cough.