Not sure what you would expect here. Unless you are claiming that the researcher is making up the forum in question, or potentially making up a vulnerability, is it really a criticism not to disclose a vulnerability one does not know?
This is mostly hinged on my belief that the selling of exploits is not actually unheard of. Now, I agree that this really shouldn't turn into a bash Oracle thread. Until we know the vulnerability, there is no way to know what they could have done to prevent it. However, this does seem a good call to arms to be on the lookout for suspicious behaviour if you have an exposed machine with a jvm. On Mon, Dec 3, 2012 at 4:47 PM, Cédric Beust ♔ <[email protected]> wrote: > > On Mon, Dec 3, 2012 at 1:39 PM, Casper Bang <[email protected]> wrote: > >> What pay website? > > > From the article: > > "The flaw, currently being sold by an established member of an invite-only > Underweb forum," > > > -- > You received this message because you are subscribed to the Google Groups > "Java Posse" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/javaposse?hl=en. > -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
