The XSS posted works only on a small class of SOHO routers, e.g. Westell UltraLine Series3 Routers.
If you have anything more sophisticated then a Westell UltraLine Series3 router, you are not affected.
The XSS uses the factory default router IP 192.168.1.1 to send HTTP requests to your router.

Looking back at the events of 2008, how many financial terrorists who created the situation had business degrees? I bet pretty much all of them.
The overall damage done to society by terrorist in business suits exceeds any other terror damage by far.

Nowadays, journalism is something you do in 144 characters or less.

I work in the Engineering Department. Engineering is indeed a very important aspect of my work. However, Information is even more important part of my responsibilities.
I prefer to be called Information Technology because that is what my work ultimately affects. Information acquisition, refinement, verification, processing, analysis, synthesis, storage, distribution, and protection are my specialties. In a way, that makes me the most knowledgeable person in the company.
I am a Druker's "knowledge worker".

The State of Washington can do many many things to sue just about anyone it wants.
Check this out:

1. Long arm jurisdiction,
2. Territorial jurisdiction,
3. Jurisdiction in personam,
4. Jurisdiction in Rem,

The State of Washington can bring up a case under any of the above.

People don't complain when Cisco, Juniper, etc integrate their routing/switching/firewall features with ASICs.
Why should databases be different?
Given the hardware prices and wide interest in FIPS-type security requirements, Oracle might as well be selling appliances. It will come to this sooner or later.

Who says you have to make GSM phone calls?
T-Mobile G1 can do VoIP just fine.

For better or worth, software development is nothing like video games. Performance, the topic of obsession for video gamers, is oftentimes an afterthought in industrial software development. Security, reliability, maintainability, computability, clarity receive higher priority almost each and every time. In order to understand this, of course, you have to spend a few too many years in software development. The truth about performance is rarely taught in CS university course, and almost never understood by CS students. I too was a fresh CS grad over a decade ago (I actually remember the time when Slashdot was popular) and despised, if not hated, Java. I adored C, optimized parts of the code in assembly, and though I knew everything there is to know. Boy was I silly. I was forced by my employer to deal with Java parts in a huge mixed codebase in 2000. I accepted Java in 2003 when it finally started producing decent benchmarks on the brand new Linux test equipment. Since then, I worked on many diverse problems, broadened my software architecture experience, and came to appreciate Java's design. I don't think I can design a better platform myself. I know that James Gosling is a freaking generous because I remember when I though he was a fool. Software design should never focus on fixed performance cost factors. Moore's law will marginalize fixed performance factors in a matter of years no matter how high in absolute value these fixed factors are.

But don't take my word for it. Listen to my elder colleague Charles E. Leiserson from MIT - Why study algorithms and performance?

Unfortunately, writing a program that would validate system calls is much much easier said than done. It takes no time what so ever to say it. If you actually start writing a program like that, you will quickly realized that this will be The most complicated problem of your life. Take a look at the NSA SELinux codebase. SELinux actually implements an extremely limited functionality to validate system calls. SELinux configuration cannot be controlled from the user space, so it is useless in any environment where you actually want to leave some security decisions to users. Also remember, if you create a workaround to give users some control over SELinux configuration, nothing will stop a malicious program run by a user from using the workaround you created without the user's knowledge. You need at least 3-tier architecture to implement a usable security. Moreover, you will have to analyze sequences of system calls in bundles and not just do an analysis call by call. Solving problem after problem, you will end up writing a virtual machine in pretty much the same way it is written for Java. It took more than 10 years for Java developers to implement their virtual machine solution - they started around 1992 and the most functional J2SE 1.4 appeared in 2002. It makes no sense what so ever to write a virtual machine yourself.

MySpace generation needs mobile communication devices to be promiscuous with. Security is one of the top design priorities, and Google just hit a jackpot with Android.

There is nothing simple about solving the system call validation problem. You actually end up writing a VM.

You are also forgetting about the problem of arbitrary memory pointers. You don't have to break into the privileged kernel mode in order to break security. All you have to do is to read or write what you are not allowed to access.

Crosscompile your application for ARM and push it on your Android phone with adb.

The trick with mobile devices is that users want to run hundreds of thousands of untrusted programs from application markets. Native code leads to viruses, trojan horses, keyloggers and all kinds of nasty things. Users have to have a protection mechanism. Java with its multilayer security is perfect for mobile applications.

If you are talking about servers, I have a newsflash for you. The majority of servers hardly use even 50% of their processing capacity on average. Java overhead at this stage of CPU development is negligible. Green movement will benefit more from saving the resources spent on development and maintenance of native code.