Sunday, November 09, 2008

JRE Vulnerability

I was listening to Windows Weekly last week and Paul Thurrott mentioned Microsoft's Baseline Security Analyzer. Leo Laporte then mentioned Secunia's PSI (Personal Software Inspector). I had heard about it before but it was a long time ago.

Secunia's PSI has a much broader scope than Microsoft's, so I went poking around looking at it. Leo had also mentioned that Secunia had a similar Online Software Inspector. This doesn't require an install as it's a Java applet (here's where the good stuff starts) but only scans fewer than 100 programs. Even so, that list is a pretty good start.

So I read on. There was a bright red link in the right column that caught my eye.
When I followed this link, there was a discussion of a newly discovered exposure in Sun's Java Runtime Environment (JRE).

It's pretty geeky reading and has a link to CERT's blog post on it (interestingly entitled "Signed Java Applet Security: Worse than ActiveX?").

Go read it for yourself and then either take the steps in the CERT blog article or just run the Secunia OSI and it'll do it for you.
