What does the language matter when fractions of a cent
have been redirected from a bank's customers to a programmer's account?
Of course they were finally caught and I think it was before java and
gettree();.
What does this have to do with java vulnerabilities?
The first article link seems to be committing a fallacy commonly known
as missing the point. What is the vulnerability to begin with?
Java works with floating point numbers, though random access using
seek() may be used for monetary changes incrementing int"s" instead
of floats. I'm not certain exactly how the programmer took fractions
of a cent code-wise, as I did not see the code nor was I paid to write
a simulation to figure it out, but 1000's if not millions of customers
were losing about 1/4 of a cent off each automated transaction. This
was discussed in a C++ class in college and I don't think Java was used,
though it could certainly do the same. However, it was criminal coding, not a
language error. Something to think about: in the 70's under US law it
was ruled wages may not be waged electronically.
What do they do? Other than applets which can be shut off in browsers
I haven't seen yet that java controls operating systems. Fedora/Red Hat
looks to have transitioned from C at level 3 computer architecture to
Python. The last Sun system I installed almost 10 years ago I think
was still GUI controlled with C?
Adam Gowdiak, a researcher with Poland's Security Explorations who has discovered several bugs in the software over the past year, told Reuters that the update leaves unfixed several other, notable security issues.
I would like some straight up honest advice from a non-paranoid. Is there
really anything to this? I have to have Java on my machine so the wife can
access her work system from home, otherwise she never comes home. I thought
I saw on WindowsBBS that Oracle had fixed it.
Let's hope this sounds the death knell for Oracle.
Why would we hope for that?
Besides Oracle's business is hardly java, it's many things. We gave them 25 mil this year to upgrade all our hardware and software, it's some pretty nifty stuff..
Reilly, I don't know how technically savvy you are, or how much trouble/work you are willing to do, but Virtualbox could be a good fix. It's free and fairly easy to implement. I've found this guide straightforward, and it walks you through enough that by the end, you'd have a good understanding of this flavor of VM: http://www.packtpub.com/virtualbox-3-1-beginners-guide/book . On the machine you use now, set up one VM with what your wife needs, and another for browsing the web.
Plus it's very cool and fun to be able to run the equivalent of multiple computers, each with whatever OS you want, at the same time on a single machine. Unless you have a very old, slow computer you might only need some extra RAM.
which could result in the installation of malware, identity theft or used to rope personal computers in to becoming unauthorized botnets -- which can then be used in denial-of-service attacks against other sites.
You would think that some (all) of the security vendors should be able to update their software to detect whether a machine has been compromised, even if they can't prevent it.
EDIT:
After doing some poking around on this, it appears that this task is more difficult than you might suspect.
Here's an interesting article on using one free tool, Sysinternals Process Explorer, to detect and clean a system.
The problem is that if you have no idea what you are looking for, it's almost impossible to find it. Suppose a process has made itself hidden to the task manager by hooking EnumProcesses. You might think this would be an easy case to detect. However, the process could be hooking EnumProcesses through a variety of different ways. For example, an unconditional hook at the start of the function, an IAT hook, causing an access violation to occur at EnumProcesses and catching that with a VEH and modifying the EIP/RIP, etc. etc. Even in this simple case, it is not possible to guarantee detection of the hook. This is all assuming that the hook has been performed at usermode on a specific API and also that the code makes no attempt to hide itself from detection.
If you are looking for general guidelines, the best method is probably to look at common detouring techniques.
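Added example, not part of the original posts: a minimal check for the "unconditional hook at the start of the function" case from the post above. It compares a function's in-memory prologue with the on-disk copy and decodes a few common jump stubs. The addresses, byte strings and function names are constructed for illustration, and the on-disk bytes are assumed to have relocations already applied.

```python
import struct

MASK64 = 0xFFFFFFFFFFFFFFFF

def decode_detour(code: bytes, va: int):
    """Return (kind, target) if code begins with a common x86-64 detour stub, else None."""
    if len(code) >= 5 and code[0] == 0xE9:                        # jmp rel32
        return "jmp rel32", (va + 5 + struct.unpack_from("<i", code, 1)[0]) & MASK64
    if len(code) >= 12 and code[:2] == b"\x48\xb8" and code[10:12] == b"\xff\xe0":
        return "mov rax, imm64; jmp rax", struct.unpack_from("<Q", code, 2)[0]
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:    # push imm32; ret
        return "push imm32; ret", struct.unpack_from("<I", code, 1)[0]
    if len(code) >= 6 and code[:2] == b"\xff\x25":                # jmp [rip+disp32]
        return "jmp [rip+disp32]", None   # target is stored in memory, not in the stub
    return None

def check_export(name, mem, disk, va, mod_start, mod_end):
    """Compare in-memory prologue bytes with the on-disk copy (relocations assumed applied)."""
    if mem == disk:
        # Also the result for IAT hooks and VEH-based redirection: neither rewrites these bytes.
        return {"export": name, "verdict": "matches disk"}
    hit = decode_detour(mem, va)
    if hit is None:
        return {"export": name, "verdict": "modified, unrecognised"}
    kind, target = hit
    leaves = target is None or not (mod_start <= target < mod_end)
    return {"export": name, "verdict": "detour", "kind": kind,
            "target": target, "leaves_module": leaves}

# Constructed sample data: addresses and bytes are made up for the example.
VA, MOD_START, MOD_END = 0x7FFB12341000, 0x7FFB12340000, 0x7FFB12360000
DISK = bytes.fromhex("48895c2408574883ec20488bf9")
SAMPLES = {
    "untouched": DISK,
    "jmp_rel32": b"\xe9" + struct.pack("<i", -0x20005) + DISK[5:],
    "mov_jmp":   b"\x48\xb8" + struct.pack("<Q", 0x1F0000) + b"\xff\xe0" + DISK[12:],
    "one_byte":  b"\xcc" + DISK[1:],
}

def scan():
    return {k: check_export("EnumProcesses", m, DISK, VA, MOD_START, MOD_END)
            for k, m in SAMPLES.items()}

if __name__ == "__main__":
    for label, result in scan().items():
        print(label, result)
```

A "matches disk" result only rules out an inline patch at the entry point; the IAT and VEH variants named in the post pass this check untouched, which is the post's point about detection not being guaranteed.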