Java-Gaming.org Hi !
Featured games (83)
games approved by the League of Dukes
Games in Showcase (517)
Games in Android Showcase (123)
games submitted by our members
Games in WIP (578)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: [1]
  ignore  |  Print  
  Another "Java isn't Secure" Thread  (Read 1029 times)
0 Members and 1 Guest are viewing this topic.
Offline Jimmt
« League of Dukes »

JGO Kernel


Medals: 136
Projects: 4
Exp: 3 years



« Posted 2013-09-17 04:34:26 »

Saw this randomly going through youtube (ad): https://www.bit9.com/forms/adwords-java-vulnerable-report/
https://www.youtube.com/watch?v=LVCA6B65Ggg

What do you think?
Offline SHC
« Reply #1 - Posted 2013-09-17 04:46:32 »

What about the CLR? .Net apps can be cracked as well. I think it became easier to hackers to hack java or .net apps due to the existing of complete file format of the class files or .net modules. If you open a .class file in notepad, you can see text like 'Ljava.lang.String' which contains almost all the data you have. This eases in decompiling and the existance of several decompilers. The same applies to .net apps as well, open a .net exe in notepad and you can see method calls of library classes.

Offline Jeremy
« Reply #2 - Posted 2013-09-17 04:50:09 »

I can't watch the video, but if by security you mean from malware...

Java in theory is secure - individual JREs have security exploits though.

'Java' has a poor reputation about the security community because it is poorly maintained by large JRE distributors. I.e, Apple let a known exploit linger in there JRE for a while resulted in mass spreading of the (I think it was called) 'The Flashback Malware.

Applet's are also a big cause for it. People assume that, just because it runs inside the browser they're safe. The difference between an applet and a flash application is very dramatic and that isn't appreciated enough. Even yet, unsigned Java Applets that run in a sandboxed environment have managed to break out of that sandboxed environment too many times to count and they're just simply not worth trusting anymore.

I think that article you were linking to is talking about people lacking appreciation for the security threats imposed by obsolete JREs

JevaEngine, Latest Playthrough (This demo is networked with a centralized server model)

http://www.youtube.com/watch?v=rWA8bajpVXg
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline HeroesGraveDev

JGO Kernel


Medals: 269
Projects: 11
Exp: 2 years


┬─┬ノ(ಠ_ಠノ)(╯°□°)╯︵ ┻━┻


« Reply #3 - Posted 2013-09-17 06:41:17 »

This is why we can't have nice things.

HEY EVERYONE! .EXES ARE NOT SECURE! IF SOMEONE RUNS AN EXE ON YOUR COMPUTER, IT CAN INSTALL A VIRUS! DELETE ALL .EXES FROM YOU COMPUTER NOW!

Although apart from the idiots, Oracle has had a part to play in ruining Java's reputation.

I had better start learning other OOP languages and their APIs.

Offline Mac70
« Reply #4 - Posted 2013-09-17 07:05:57 »

Just don't listen to any security "specialists" - especially if they are from big companies or companies related with with these corporations. Treat their "reports" as a source of fun. Roll Eyes

Java (and all JRE-based languages) position is currently unchallenged - it simply does not have any noticeable competitor in its field.

Check out my Devblog! Smiley
Offline concerto49

Junior Duke





« Reply #5 - Posted 2013-09-17 08:24:30 »

Oracle's been a lot better than Microsoft in patching security holes if you ask me.

High performance, fast network, affordable price VPS - Cloud Shards
Available in Texas, New York & Los Angeles
Need a VPS Upgrade?
Offline princec

JGO Kernel


Medals: 409
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #6 - Posted 2013-09-17 08:42:39 »

The fact is, the JVM coupled to a browser was a fundamentally stupid, flawed idea in the first place. It's like the genius of housing petrol and matches next to each other in a child's bedroom. OS = petrol, Java = matches, child = browser operator. What's the worst that could happen?

Cas Smiley

Offline SHC
« Reply #7 - Posted 2013-09-17 09:11:59 »

Oracle's been a lot better than Microsoft in patching security holes if you ask me.

It's known from the beginning, since C# came out. Microsoft designed C# after getting bailed for using Java in the name of J#

Offline lcass
« Reply #8 - Posted 2013-09-19 21:08:33 »

java is secure in a sense its just as secure as an exe or a c# document which have all had some sort of similar publicity like this in the past
Pages: [1]
  ignore  |  Print  
 
 
You cannot reply to this message, because it is very, very old.

 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

DarkCart (24 views)
2014-10-31 21:44:48

DarkCart (30 views)
2014-10-31 21:43:57

TehJavaDev (40 views)
2014-10-27 03:28:38

TehJavaDev (31 views)
2014-10-27 03:27:51

DarkCart (45 views)
2014-10-26 19:37:11

Luminem (27 views)
2014-10-26 10:17:50

Luminem (31 views)
2014-10-26 10:14:04

theagentd (36 views)
2014-10-25 15:46:29

Longarmx (64 views)
2014-10-17 03:59:02

Norakomi (62 views)
2014-10-16 15:22:06
Understanding relations between setOrigin, setScale and setPosition in libGdx
by mbabuskov
2014-10-09 22:35:00

Definite guide to supporting multiple device resolutions on Android (2014)
by mbabuskov
2014-10-02 22:36:02

List of Learning Resources
by Longor1996
2014-08-16 10:40:00

List of Learning Resources
by SilverTiger
2014-08-05 19:33:27

Resources for WIP games
by CogWheelz
2014-08-01 16:20:17

Resources for WIP games
by CogWheelz
2014-08-01 16:19:50

List of Learning Resources
by SilverTiger
2014-07-31 16:29:50

List of Learning Resources
by SilverTiger
2014-07-31 16:26:06
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!