Oracle Java, easily the most attacked and successfully exploited browser plugin, is on my radar again after finding new ways to fail at security.

The first sign of trouble recently was posted on Jerry Jongerius’s site, Duckware. He described the embarrassingly broken code signing implementation in the Java Runtime Environment (JRE).

The purpose of code signing is to cryptographically ensure that you can identify who created a program and that it hasn’t been tampered with by any third parties.

For example, Oracle offers a test applet (applets are Java programs that run in your browser) to determine whether your version of Java is up to date.

When you download the applet with Java, you are prompted to run the applet with a warning that Java applets can be dangerous, the name of the applet, the publisher and the URL serving it to you.

via Oracle Java fails at security in new and creative ways | Naked Security.
