Forget about spending a decade debating closures - I'm talking about patching security holes here! The last couple of years, Java has become the predominant vector of attack, to the point that I recommend friends and family *not* to run it at all. Life is rarely that simple however, as i.e. the case with a Danish national SSO solution (taxes, banks etc.), for all practical purposes requiring applet functionality to be enabled for every citizen.
The latest vulnerability already seems to have the Poison Ivery trojan spreading all over. It seems however, we're far from zero-day vulnerability attacks, as these were brought to Oracle's attention some 4 months ago: http://www.security-explorations.com/en/SE-2012-01-press.html I have now stitched together Chrome plugin to only allow certain trusted applets to run, but your average Joe don't have that option. There's still no fix available and that's just not good enough! -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To view this discussion on the web visit https://groups.google.com/d/msg/javaposse/-/hJTW5OLDg6wJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
