Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2009-06-10 InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Java 6 update 14 released

Published: 2009-06-10
Last Updated: 2009-06-11 08:25:06 UTC
by Swa Frantzen (Version: 2)
0 comment(s)

Sun has updated Java to 6u14. Details can be found here:

Do note that while the list of bugs fixes is impressive, they also state: "This feature release does not contain any new fixes for security vulnerabilities to its previous release".

Many thanks to Roseman for providing the link to the details.


Jerry sent in the observation that there are is despite there being no security bug fixes, interesting security news in the release notes:

Blacklist Jar Feature

Support for blacklisting signed jar files has been added to 6u14. A blacklist is a list of signed jars that contain serious security vulnerabilities that can be exploited by untrusted applets or applications. A system-wide blacklist will be distributed with each JRE release. Java Plugin and Web Start will consult this blacklist and refuse to load any class or resource contained in a jar file that's on the blacklist. By default, blacklist checking is enabled. The deployment configuration property can be used to toggle this behavior.

The blacklist entries are the union of the blacklist files pointed to by the and properties. By default, points to the blacklist file in the jre/lib/security directory, and points to a blacklist file that contains additional entries added by a user


Swa Frantzen -- Section 66

Keywords: java Sun update
0 comment(s)

SysInternals Survey

Published: 2009-06-10
Last Updated: 2009-06-10 02:42:23 UTC
by Rick Wanner (Version: 1)
0 comment(s)

Hands-down the best tools for determining what is going on on a Windows system are Mark Russinovich's and Bryce Cogswell's Sysinternals Tools.  Frequent contributor Roseman has pointed out that Microsoft is asking for your help improving the Sysinternals tools. Over at the Microsoft Technet blog they are requesting Sysinternals users to take a short survey.

If you are a Sysinternals user please consider taking five minutes to contribute to their future.

-- Rick Wanner - rwanner at isc dot sans dot org

0 comment(s)
Diary Archives