Last Updated: 2009-06-11 08:25:06 UTC
by Swa Frantzen (Version: 2)
Sun has updated Java to 6u14. Details can be found here:
Do note that while the list of bugs fixes is impressive, they also state: "This feature release does not contain any new fixes for security vulnerabilities to its previous release".
Many thanks to Roseman for providing the link to the details.
Jerry sent in the observation that there are is despite there being no security bug fixes, interesting security news in the release notes:
Blacklist Jar Feature
Support for blacklisting signed jar files has been added to 6u14. A blacklist is a list of signed jars that contain serious security vulnerabilities that can be exploited by untrusted applets or applications. A system-wide blacklist will be distributed with each JRE release. Java Plugin and Web Start will consult this blacklist and refuse to load any class or resource contained in a jar file that's on the blacklist. By default, blacklist checking is enabled. The deployment.security.blacklist.check deployment configuration property can be used to toggle this behavior.
The blacklist entries are the union of the blacklist files pointed to by the deployment.system.security.blacklist and deployment.user.security.blacklist properties. By default, deployment.system.security.blacklist points to the blacklist file in the jre/lib/security directory, and deployment.user.security.blacklist points to a blacklist file that contains additional entries added by a user.
Swa Frantzen -- Section 66
Last Updated: 2009-06-10 02:42:23 UTC
by Rick Wanner (Version: 1)
Hands-down the best tools for determining what is going on on a Windows system are Mark Russinovich's and Bryce Cogswell's Sysinternals Tools. Frequent contributor Roseman has pointed out that Microsoft is asking for your help improving the Sysinternals tools. Over at the Microsoft Technet blog they are requesting Sysinternals users to take a short survey.
If you are a Sysinternals user please consider taking five minutes to contribute to their future.
-- Rick Wanner - rwanner at isc dot sans dot org