[4739] in WWW Security List Archive


Re: Latest Java hole is Netscape/Sun only

daemon@ATHENA.MIT.EDU (BVE)
Sun Mar 9 23:22:08 1997

Date: Sun, 9 Mar 97 21:20:44 EST
From: bve@quadrix.com (BVE)
To: thomasre@microsoft.com
In-Reply-To: <c=US%a=_%p=msft%l=RED-76-MSG-970307175635Z-213342@INET-02-IMC.microsoft.com> (message from Thomas Reardon on Fri, 7 Mar 1997 09:56:35 -0800)
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu


   From: Thomas Reardon <thomasre@microsoft.com>

   just a quick note that the VM bug affects only Netscape and Sun
   implementations.  that means IE for Windows is ok, but IE for Mac (Sun's
   VM) is vulnerable.  we're off the hook for once this week ;)

   -Thomas Reardon
   Microsoft

You know, the most interesting things about this latest Java bug are:

	1) Sun discovered it themselves -- not some outside party -- during a
	   "regular security review".
	2) In part due to #1, the patches have already been released.
	3) Sun ANNOUNCED THE PROBLEM to all major venues.  This is probably the
	   most important distinction.  I give a company credit when they
	   announce their problems, along with the fixes.  MS is notorious for
	   hiding their problems, until someone makes them speak up.

Please understand that I am *not* trying to slam MS for this!!!
I am instead attempting to point this out as an example to be followed.
Mr. Reardon, if you can make *anyone* at MS listen to you, tell them to be
forthcoming with problems, so that we may all protect ourselves ASAP.  Stop
trying to play "holier than thou" with security.  As you've found out this week
(and as I think you've said in the past) no software is bug-free.  I'm not
going to shoot MS for having a bug.  I'm going to shoot them for all the games
they play with their holes, and others....


				     -- Bill Van Emburg
Phone: 908-235-2335			Quadrix Solutions, Inc.
Fax:   908-235-2336			(bve@quadrix.com)
Check out http://yourtown.com!		(http://quadrix.com)
	"You do what you want, and if you didn't, you don't"
