Roseman wrote to tell us that a new update for Sun JDK 5.0 has been released. Amongst a variety of bugs that have been fixed (and some of which seem to be ancient - check bug 4744057; "Potential deadlock between Selector and SelectableChannel", submitted in 2002!), one thing that caught my eye is the bug 6437047.
This "bug" was present with previous versions of Sun's JDK and is related to the Java plugin for Internet Explorer. Previous versions of the JDK were not properly signed which means that they were listed as (Not verified) in Internet Explorer (you can check this by opening the Manage add-ons tools in Internet Explorer: Tools -> Manage Add-ons -> Enable or Disable Add-ons).
This didn't prevent JDK from working, but definitely isn't best practice in security, where we're trying to educate our users to deny any non signed applets/applications/components. Sun finally fixed this (signed the plugin properly) so now the "(Not verified)" warning is not there any more.
As JDK has automatic updates this should pop up on your machine some time soon (by default, if I'm not wrong, it will check for new updates only once per month). Once you install the new update version, and are happy with it, remember that Sun has a weird habit of *not* removing older versions from your machine, so you might want to do that manually.
New update is available from http://java.sun.com/javase/downloads/index_jdk5.jsp.
I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Brussels February 2020
Dec 20th 2006
1 decade ago