There Java vulnerabilities are out there and are being exploited. Oracle isn't doing a really good job at patching them at the moment, there are currently still a few known vulnerabilities that Oracle has known about for a few weeks that haven't been patched. They may not be easy to implement but there are being used, look at the whole NBC website debacle.
In any case I don't think there are many sites that you'd visit from the in-game browser that require Java, so I think disabling Java for the Steam in-game browser was a very good choice. On Sat, Mar 23, 2013 at 8:58 AM, Bruno Garcia <[email protected]>wrote: > I have seen the proof of concepts of the latest Java exploits , and I think > in this subject in particular there's no are no easy-setup tools that are > provided to exploit the vulnerability. (I might have seen some metasploit > modules, but not available to download) > But just the fact that the paper released on those exploits drives everyone > crazy. > I also consider that Java Arbitrary code execution exploits are patched > quite fast and are not used widely in the hacking 'community' > > > On Fri, Mar 22, 2013 at 2:26 PM, dan <[email protected]> wrote: > > > On 20/03/2013 10:46, Bruno Garcia wrote: > > > >> On the other subject, I agree with css getting updates separately, I > >> don't think those kids running severs will know their way around > setting a > >> Java exploit or even...seting...a MOTD at all. > >> > > > > The in-game web browser can do far more than simply displaying MOTDs. > > > > Although I think they are so many tiny but important features away from > it > > being usable that alt-tab is still a much preferable way of looking at a > > webpage mid game (and the lack of intelligent re-flowing of text to fit > the > > screen dimensions in big picture mode when you zoom in? C'mon Valve, buy > > yourselves an android phone, zoom into a web page on that and see how it > > should work ;) Panning left and right to read, say, the blurb in a > > walkthrough, makes it awful to use) > > > > MOTD's aren't really an issue since there's really nothing worth seeing > on > > them and you can disable them easily enough. > > > > (I think you're rather naive in security terms to decide that "kids" > > cannot set a java exploit) > > > > -- > > Dan. > > > > > > > > > > ______________________________**_________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > -- Idleness is not doing nothing. Idleness is being free to do anything. - Floyd Dell _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
