Re: java: vulnerable by local JDownloader software?

[Alex Kornilov <alex.kornilov3 () mail ru>]

On 3/26/13 9:11 PM, Neil Cooler wrote:
> The primary risk of Java vulnerabilities is drive-by attacks in the
> browser.  The browser will usually execute any Java applet it is told
> to execute by the webpage.
>
> If you have it disabled in the browser, some vulnerabilities are still
> potentially exploitable, but the attack vector changes.  Rather than
> entice you to click on a link that has the malicious Java file, or to
> set up a watering hole attack on a site you're likely to visit, the
> attacker has to find some way of getting you to download and execute
> his malicious file, which would involve significantly more social
> engineering, or he has to have local access to the system in order to
> run the file himself.  At which point, you've most likely already
> lost.
>
> It is very unlikely that a tool like Jdownloader would be exposed to
> these types of vulnerabilities.  You still should be concerned about
> any flaws inherent in the specific code written for Jdownloader and
> keep an eye on the NVD for known weaknesses as with any other client
> application.  But the beef the Infosec industry has with Java is
> almost exclusively with Java applets running amok in the browser.
thank you. Now everything clear. But who needs java applets in 2013?
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com