Forgot your password?
typodupeerror
Security

Sun Pushes Emergency Java Patch 90

Trailrunner7 writes "In a sudden about-face, Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks. The patch comes less than a week after Sun told a Google researcher it did not consider the issue serious enough to warrant an out-of-cycle patch and less than a day after researchers spotted live exploits on a booby-trapped Web site. The flaw, which was also discovered independently by Ruben Santamarta, occurs because the Java-Plugin Browser is running 'javaws.exe' without validating command-line parameters. Despite the absence of documentation, a researcher was about to figure out that Sun removed the code to run javaws.exe from the Java plugin. The about-face by Sun is another sign that some big vendors still struggle to understand the importance of working closely with white hat researchers to understand the implications of certain vulnerabilities. In this case, Google's Tavis Ormandy was forced to use the full-disclosure weapon to force the vendor into a proper response."
Open Source

OpenNMS Celebrates 10 Years 37

mjhuot writes "Quite often is it claimed that pure open source projects can't survive, much less grow and create robust code. One counter example of this is OpenNMS, the world's first enterprise-grade network management application platform developed under the open source model. Registered on 30 March 2000 as project 4141 on Sourceforge, today the gang threw a little party, with members virtually attending from around the world. With the right business savvy and a great community, it is possible to both remain 100% free and open source while creating enough value to make a good living at it."

Slashdot Top Deals

Live free or die.

Working...