Date: Thu, 15 Apr 2010 12:21:26 +0200 From: VOICE News Service Subject: [VOICENWS] Net: Java WS exploit affects Win, Linux: OS/2 safe from harm (?) ++ From the VOICE OS/2-eCS News Service http://www.os2voice.org ++ From: warpcafeDESPAM at DESPAMyahoo.de Multiple sources on the web today (April 15th) have picked up the story about an exploit introduced by a feature of the Java WebStart method. It seems that the exploit is based on the possibility to attach parameters to WebStart's commandline, thus enabling attackers to excute arbitrary code... perhaps also by first fetching it from some place. In most cases, I guess, this is not something anyone wants to see happen, is it? Note that the infection does not need to come from downloading and executing an application: What already happens is that the malicious actions take place when you surf to a "hijacked" web page! Interestingly, while Windoze and Linux are affected (regardless of used browser of course) OS X is not. Does WebStart not exist with Apple's OS? What about us: Is that a malware threat that (for one of the few moments in life) could also actually impact OS/2 and eComStation? [Moderator note: Please send any replies to the submitter or post your views on a discussion mail list or forum like the ones on os2world.com This post is just being sent out as a warning of a potential problem.] Links: * http://thompson.blog.avg.com/2010/04/heads-up-0day-itw-rihanna-is-a-lure.htmlhttp://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1 -- For a choice in the future of personal computing, Join VOICE - http://www.os2voice.org [Moderator's note: All posts are sent without guarantee to the accuracy of the content. We try to verify details and URLs but this is an entirely volunteer run list, so 100% fact checking and the quality/useability of products announced here is impossible. If you respond to this post please remove the DESPAM from the poster's email addresses. Please do not send requests for information about a specific post to the moderator unless it is an update or I sent it. To submit news to this list please use the submission form at http://www.os2voice.org/SubmitNews.html or send an email to "submit at os2voice.org" To unsubscribe yourself from this list, send the following message to majormajor at os2voice.org unsubscribe news end ]