EvilZone
Community => General discussion => : parad0x January 17, 2013, 01:33:55 PM
-
Java is an extremely vulnerable language. Why don't we discard Java? There is always some zero-day vulnerability in Java which makes the OS in which Java is running insecure. Many games and apps are written in Java, and security holes in Java lead hackers to send malware and other programs that can hack systems, servers, mobile phones, etc. So, why do we use Java? And please don't get me wrong.
-
Because it is cheap. It is also cross-platform.
You don't need as much skill while coding in Java as you would for other languages.
Then there is the library, which is extensive.
The question is... If not Java then what?
It is better to patch it than make a new one.
-
The question is... If not Java then what?
It is better to patch it than make a new one.
I agree that it is better to patch than to make a new language, but what is the benefit if, after patching the vulnerability and updating it, a new vulnerability comes in front of the world?
Just check out this link (https://www.google.co.in/#hl=en&tbo=d&output=search&sclient=psy-ab&q=java+is+the+most+insecure+language&oq=java+is+the+most+insecure+language&gs_l=hp.3...199046.210059.0.210733.36.29.0.0.0.1.1942.7639.4-2j1j3j1j1.8.0.les%3B..0.0...1c.1.FdAgFVp4Y4I&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.&bvm=bv.41018144,d.bmk&fp=67cf00f56c597eca&biw=1600&bih=796)
-
@p_2001 +1 my good Sir.
I personally have never tried Java, but I always hear good things about it, especially in regards to its compatibility with a lot of different environments.
@Mr. Perfect, you have to understand, with something as adaptable, and easy to implement as Java, there are going to be an equal amount of cons to its pros. Java can be extremely secure, and as you already know, it can be extremely insecure. I believe it all depends on the developer, and how much effort they put into making a quality product. Java is extremely powerful, and shouldn't be thrown out for its security drawbacks.
-
I personally have never tried Java, but I always hear good things about it, especially in regards to its compatibility with a lot of different environments
OK, but as you have said, it is compatible with every platform, and I am saying that its compatibility makes every platform insecure. Are you getting me? ???
-
Java is too much of a subject to be thrown away - it runs practically anywhere.
Besides, Windows has lots of vulnerabilities too. Does it mean Microsoft should discard it?
Flash is full of holes too, does it mean Adobe has to discard it?
Linux kernel has lots of exploits, does it mean Linus should discontinue it?
Do you see where I am going...?
Also it's not the Java that is vulnerable - it's the JVM, because Java is a language. JVM is what interprets the Java bytecode. So if you don't like Sun's (now Oracle's) JVM, run OpenJDK and you'll be shielded from exploits (more or less...).
-
Thanks, guys, for the explanation. I am clear with my doubts. :)
-
Java is too much of a subject to be thrown away - it runs practically anywhere.
Besides, Windows has lots of vulnerabilities too. Does it mean Microsoft should discard it?
Flash is full of holes too, does it mean Adobe has to discard it?
Linux kernel has lots of exploits, does it mean Linus should discontinue it?
Do you see where I am going...?
Also it's not the Java that is vulnerable - it's the JVM, because Java is a language. JVM is what interprets the Java bytecode. So if you don't like Sun's (now Oracle's) JVM, run OpenJDK and you'll be shielded from exploits (more or less...).
Well said, Kulver. Couldn't do it better. (+1)
-
Java is too much of a subject to be thrown away - it runs practically anywhere.
Besides, Windows has lots of vulnerabilities too. Does it mean Microsoft should discard it?
Flash is full of holes too, does it mean Adobe has to discard it?
Linux kernel has lots of exploits, does it mean Linus should discontinue it?
Do you see where I am going...?
Also it's not the Java that is vulnerable - it's the JVM, because Java is a language. JVM is what interprets the Java bytecode. So if you don't like Sun's (now Oracle's) JVM, run OpenJDK and you'll be shielded from exploits (more or less...).
Actually, Flash and Windows would both be really good candidates to throw away.
:P
-
This is why we have network security; they have to have access to the network before they can break in through Java, right?
-
This is why we have network security; they have to have access to the network before they can break in through Java, right?
I don't think Java works that way...
-
Well, my understanding is that if you're running a game on your computer (not an online game, just a normal game) that runs on the Java platform or was even coded in Java, then you aren't interacting with any other computer, much less a computer outside your network. In which case, if someone was trying to hack you, they would need access to your network.
-
Well, my understanding is that if you're running a game on your computer (not an online game, just a normal game) that runs on the Java platform or was even coded in Java, then you aren't interacting with any other computer, much less a computer outside your network. In which case, if someone was trying to hack you, they would need access to your network.
Well yes, in a way...
Although the exploits are more practical among Java applets, instead of Jars. So to execute the malicious program/code the attacker does not need to break into your network, you just need to open a website containing that applet.
-
@silenthunter
As Kulver said, applet attacks are now more common. I refer you to my tut here (http://evilzone.org/tutorials/hack-remote-pc-java-signed-applet-social-engineering-code-execution/)
-
Well, it does make sense since in that case, I was thinking of Java programs and non-online games, but I can see where some vulnerabilities would come in.
-
Many good points mentioned above. While Java is chosen for its ease of use and "write once, run anywhere" concept, anyone really concerned with security should not be looking at Java.
Enterprises that don't want Java on every single desktop can develop their own solutions in-house, but that is much more costly.
Where possible, I like to rip Java out completely, else turn up the HIDS & IDS.
-
Start with Adobe Flash, and all the others waiting in the line. Companies often don't care about security. As long as it does not ruin themselves.
-
Start with Adobe Flash, and all the others waiting in the line. Companies often don't care about security. As long as it does not ruin themselves.
^^ Exactly... People choose easy over secure any day when it comes to having to maintain / test code. Enterprises choose keeping these vuln apps and patching them as often as possible (in some cases) to keep up. That's not a good answer. But hey, it gives us more attack vectors. :) I love finding those old 1.5/1.4 installs >_<