Ngithole i-athikili ethokozisayo, umthombo uwukuthi KOrKala.nl futhi umbhali UKelly Jackson Higgins. Ngishiya ukuhunyushwa kwayo:
Uhlangothi Olumnyama lweJava
IMetasploit ingeza imodyuli entsha yokuhlaselwa kweJava kwakamuva lapho iJava iba yinto entsha eyintandokazi yama-cybercriminals
Dec 01, 2011 | 08:08 PM
NguKelly Jackson Higgins
Ukufunda Okumnyama
Ithuluzi elonakele kohlangothi lonjiniyela, kepha Java ihlala ikhona ikhompiyutha eyisisekelo futhi ekhohlwayo njalo ebhekiswa kakhulu ngabantu ababi.
Kungani iJava njenge-vector yokuhlasela?
Ukungena kwayo kanye nenani elibi kakhulu lezinguqulo eziphelelwe yisikhathi ezisebenza laphaya kumakhompyutha zenza iJava isigqoko esimnyama esizikhethele kubaduni muva nje. Izinombolo zikusho konke: Cishe amasistimu wamabhizinisi angama-80 aphelelwe yisikhathi, izinhlobo ezingakhishwanga zeJava, ngokusho kwedatha evela kwaQualys. Futhi kusukela kwikota yesithathu ka-2010, iMicrosoft ithole noma yavimba cishe imizamo eyizigidi ezingama-6.9 yokuxhaphaza iJava njalo ngekota, ngenani eliyizigidi ezingama-27.5 lokusebenzisa imizamo ngaleyo nkathi yezinyanga eziyi-12.
Sekukonke, amadivayisi ayizigidi eziyizinkulungwane ezintathu asebenzisa iJava emhlabeni, futhi iziphequluli ezingama-3% ziyayisebenzisa. Okwamanje, abanye abasebenzisi be-savvy abasebenza kakhulu bayakhubaza noma bayikhiphe ngokuphelele njengokuvikela.
Abathuthukisi bethuluzi lokuhlola ukungena komthombo ovulekile elaziwa kakhulu iMatasploit kuleli sonto bengeze imodyuli entsha yokuhlasela kwakamuva kweJava okuhlukumeza ukuba sengozini okusanda kuthinteka ekusetshenzisweni kwe-Oracle's Java, iRhino. Iphutha ku-Oracle Java SE JDK ne-JRE 7 no-6 libuyekeza ama-27 nezinguqulo zangaphambilini, ezamenyezelwa ekuqaleni ngabaphenyi lapha y lapha kwase kuthi ngokushesha kuthele izithelo kusikidi lobugebengu obufihlekile, njengoba i-blogger uBrian Krebs yathola ku iwebhusayithi yakho. I-Krebs On Security ibike ukuthi lokhu kuhlasela bekuqhubeka nangaphakathi kwe-BlackHole ubugebengu.
«IJava noma kuphi lapho ifuna khona, futhi akekho noyedwa oyibuyekeza kahle«I-HD Moore, umdali nomakhi omkhulu weMetasploit ne-CSO eRapid7. «Zimbalwa kakhulu izinkampani eziyibuyekeza kumakhompyutha azo.»
“I-Oracle inikela nge-auto-update feature yeJava, kodwa idinga amalungelo okuphatha kumsebenzisi wekhompyutha ukuyisebenzisa, into izinkampani eziningi ezingayivumeli"Kusho uMoore.
UMqondisi we-Trusted Computing weMicrosoft, uTim Rains, ngasekuqaleni kwaleli sonto uveze kokuthunyelwe ukuthi izimbungulu ezinamachashaza ku-software ye-Oracle's Java sezivinjezelwe izinyanga. «Ukuba sengozini kwesoftware ye-Oracle's Java kuhlaselwe ngezinga elikhulu izinyanga ezimbalwa futhi, njengoba ngishilo, izibuyekezo zokuphepha zalezi zinkinga ziye zatholakala isikhathi esithile.»Ithi Imvula. «Uma ungazange ubuyekeze iJava endaweni yakho muva nje, kufanele uhlole ubungozi obukhona. Phakathi kwezinye izinto, izinhlangano kumele zazi ukuthi zingaba nezinhlobo eziningi ze-Java ezisebenzayo.", Uthi.
Iphutha le-Java le-Oracle, elalinamathiselwe ngu-Oracle ngenyanga edlule, livumela i-applet yeJava ukuthi isebenzise ikhodi engqubuzanayo ngaphandle kwebhokisi le-Java. URoidid7's Moore uthi lokho okubizwa ngeJava Rhino Exploit (okusebenza emapulatifomu amaningi, kufaka phakathi iWindows, iOS, neLinux) kwenzeka ngemuva, kungazi lutho kumsebenzisi osetshenziswe yilokho kuxhashazwa. Kuyathakazelisa ukuthi i-Linux manje isengozini yokuhlaselwa. «I-Oracle iyigwebile, i-Apple yafuna isibuyekezo sesoftware. Kepha iningi le- abathengisi Abahlinzeki be-Linux ?? angifunanga izibuyekezo"Kusho uMoore.
Lokhu kuvame ukusetshenziswa njengesigaba sokuqala ekuhlaselweni kwezigaba eziningi, okusetshenziselwa ukulanda ifayela elisebenzisekayo noma ngokufaka i-bot.
UWolfgang Kandek, i-CTO weQualyx, uthi i-Tenier Metasploit esekela ukuxhashazwa kwakamuva izosiza ukuqwashisa ngengozi yezinhlelo zokusebenza zeJava eziphelelwe yisikhathi. «Izinzuzo zokuba nakho kwi-Metasploit ukuthi abafana abahle bangakhombisa ukuthi lokhu kuhlasela kusebenza kanjani", uthi.
Izinhlangano eziningi ezithola ukuthi izinhlelo zokusebenza eziphelelwe yisikhathi zeJava kudatha yamakhasimende eQualys kwakuyizinkampani ezinkulu, esho. «Kunokuthambekela kokungabi nezinqubo ezinhle zokufaka i-Java. Undiza ngaphansi kwe-radar", Uthi.
---- Futhi lapha indatshana iphela.
Akungabazeki ukuthi lokhu kuhlobene kakhulu nalokho esishilo ngaphambili ... okungukuthi, maqondana nalokho ICanonical izoyeka ukunikeza iJava kusuka ku-Oracle ezinqolobaneni zayo (Ubuntu, Kubuntu, Xubuntu, njll), kusobala, yebo Oracle ayikuvumeli ukufakwa kokuvuselelwa, akukufanele, ngoba umsebenzisi angaba sengozini enkulu ekuhlaselweni njengalawo ashiwo ngenhla.
Noma kunjalo, ucabangani ngakho? 😉
Phendula ngokucaphuna
P.S: Izolo nje bengifunda isifundo mayelana nokuthi kungenzeka kanjani ukufaka iLinux ku-Nokia N70 yami, angikaze nginqume ukuyenza i-LOL !!!
Kade ngisebenzisa i-IcedTea (OpenJDK, mahhala) isikhathi eside futhi cishe ngaso sonke isikhathi ngiyikhubazile ngoba angiyisebenzisi neze ...
Nginokuncane, cishe izinyanga ezintathu ngisebenzisa i-OpenJDK, bengingazi ncamashi nephutha lokuphepha kuJava, ngilishintshile ukuze ngibone ukuthi i-libreoffice isebenza kanjani 😛
Ngiyazi ukuthi lokhu kucishe kube yi-toptopic kepha… i-Linux ku-Nokia? Njengo? Uma ngikwazi ukukhipha i-m m__ engokomfanekiso kuma-5800 wami ngingajabula!
Ubuwazi ukuthi uSymbian ungumzala wokuqala kaLinux? 😀
Noma kunjalo, angikalufundi ulwazi olwanele ngale Linux kwiNokia ... ungakhathazeki, lapho ngithola imininingwane efanelekile ngizokunikeza izixhumanisi 😉
I-KZKG ^ Gaara… ungazihluphi nami kepha… kunamaphutha athile ekuhumusheni, ngokwesibonelo:
1.
2.- "Umthengisi" ngesiNgisi futhi kusho ukuthi "Umhlinzeki" ("Umhlinzeki") ngakho-ke ibinzana elithi "Kodwa abathengisi abaningi beLinux ..." lihlala ngaphandle kwenkinga "Kepha abathengisi abaningi beLinux ..."
Phendula ngokucaphuna
Nah ngalutho 😀
Akungikhathazi ngempela, angiyena umhumushi oqeqeshiwe, kungasaphathwa i-LOL !!!
Ngiyayilungisa njengamanje 😉
Ngempela, ngiyabonga kakhulu, ukuqonda isiNgisi akunzima kimi, okuyinkimbinkimbi kimi ukuyibhala nokuyi-oda ngeSpanishi 😀
Phendula ngokucaphuna
🙂
Kwenzeka into efanayo kimi ngeSpanishi; Imisho equkethe izinkulumo zendawo kunzima kimi ukuyiqonda. Yize okungenani ezinye zisangiphunyuka.
"I-hat hat hacker" isisho esisetshenziselwa ukuqoka isigebengu esinonya futhi kuyimpikiswano ukusihumushela olimini lwesiSpanish.
Ukubingelela nokuhaga okuqinile
Angazi kodwa ngiyazi ukuthi "ukwazi" akuveli kusichazamazwi seRAE.
Siphinde sibe nabathengisi beLinux njengoTito Mark nabazingeli bakhe
Masibone ... ilaptop yami yenziwa eChina, kepha isilawuli se-QUALITY luchungechunge lwe-HP's B, okungukuthi ... izingxenye zenziwa eChina (umsebenzi oshibhile ...) kepha ngubani onquma ukuthi iziphi izinto ezanele ngokwanele umenzi 😉
"I-Oracle inikela ngesici sokuvuselela ngokuzenzakalela seJava, kepha sidinga amalungelo okuphatha kumsebenzisi wekhompyutha ukusisebenzisa, into izinkampani eziningi ezingakuvumeli"
"Kunomkhuba wokungabi nezinqubo ezinhle zokuthwebula iJava."
Ngakho-ke inkinga akuyona iJava kodwa ukuthi abasebenzisi abanawo umkhuba wokuyibuyekeza, akunjalo?
Ngokwethembeka inkinga ngeJava iphephe kakhulu, uma uyiqhathanisa ne-flash java iphephe kakhudlwana izikhathi ezingama-20, inkinga ukuthi ilulimi olukhasayo. kumnandi ukufunda kepha kuyiphupho elibi LOL!
Bengifuna ukuthi * akunjalo ukuphepha *
Izikhathi eziningi asinikwanga ukuthi kungenzeka, i-Oracle nemikhawulo yayo.
Ngokwami ngisebenzisa i-OpenJDK, futhi kuze kube manje azikho izikhalazo 🙂
Ngizamile ku-Debian Squeeze ukukhipha i-sun-java ngibuyele kokuzenzakalelayo, futhi… ekugcineni ngiyeke.
iqiniso ukuthi iJava ibiyindlela enhle endala kudala manje izinkinga nje eziningi 🙁
Okunye kokuncika eMexico yi-SAT ne-IMSS, okuqinisekisa ukuthi kufanele usebenzise izinhlobo ezindala kakhulu zeminyaka engaphezu kwengu-3, ngoba uma ungakwazi ukufaka izingosi zabo.
Ngisebenza kakhulu nabasebenzisi bezokuphatha futhi abakaze bavuselele lutho futhi basebenzisa iJava ezinhlelweni eziningi zikahulumeni futhi ezidinga izinhlobo ezithile ezibandakanya ukuba sengozini okukhulu, lokhu futhi kuyisihloko izikhungo ezinjenge-IMSS kanye ne-SAT eMexico okufanele zisithathe ngokungathi sína izinhlelo zakho zokusebenza futhi ayisasabalalisi isoftware eyenziwe ngo-2004 noma phambilini ngezinkinga ezinjalo
Yebo, ngisebenzise i-sun-java isikhathi esithile futhi iqiniso ukuthi anginazo izikhalazo zokuthola imiphumela ebengilokhu ngiyifuna futhi ngidlulela ngaphesheya kokuvamile. I-openjdk yentuthuko akuyona into engingayincoma kunoma ngubani yize ngicabanga ukuthi leyo yimigomo yami. Jabulela