" /> MowGreen: November 2005 Archives

« October 2005 | Main | December 2005 »

November 10, 2005

Veterans Day : A Tribute

On Veterans Day, for all who served, fought, and perished to defend Freedom, I want to say, I will never forget you. Without you I could not freely express my thoughts. Without you I could not vote for whom I wished to vote for. Without you I would never have experienced Freedom.

From Canada, Two Minutes of Silence is a Pittance ( Right click the link and choose Save as to save bandwidth.

From the US: Experiencing War - Stories from the Veterans History Project

Please view a personal interview with James Frank Dorris where he describes what it was like Liberating Dachau ( Click the Liberating Dachau link under Video (Interview Excerpts) to view it )

No words can adequately express the gratitude that I feel towards you. I will never forget your sacrifice and your bravery. To those who gave their all so that I could live in Freedom, you will always be in my heart and thoughts. So, from the bottom of my heart, I want to say THANK YOU.

Posted by MowGreen at 8:30 PM | | Comments (0) | TrackBacks (0)

November 1, 2005

Sun Drops the Ball Again : Sun J2SE Alert

If you haven't already read the previous article on why the Sun Java Auto Update mechanism is inherently insecure and just plain badly coded, then go here Sun Java (J2SE/JRE) Automatic Update Vulnerability. Seems they've done it again. Just exactly what is their problem ? Can they not hire some decent coders ? Or, do they just not care about possible Security vulnerabilities in J2SE ?


Sun Alert ID: 101981 (RESOLVED)

Synopsis: GTE CyberTrust Root Certificate Included in Various
Releases of J2SE will Expire on February 23, 2006
Date Released: 24-Oct-2005
Date Closed: 24-Oct-2005

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101981-1

Windows, Solaris, and Linux Platforms
* J2SE 5.0
* J2SE 1.4.2
* J2SE 1.4.1

> Impact

> A GTE CyberTrust root certificate included in various releases of Java 2 Platform, Standard Edition (listed below) will expire on February 23, 2006. Upon expiration, users of Java applications and applets, deployed with the Java Plug-in or Java Web Start which authenticate using certificates issued by the expiring root certificate may see a security warning dialog box during the authentication process.

> Relief/Workaround

> The security warning dialog box (described in "Symptoms" above) provides the option to grant permissions with the "Grant this session" or "Grant always" buttons. You may run the software by selecting either button. However, please **note that you should not choose these options unless you are prepared to trust the software that you are going to run.**

> Resolution

> The GTE CyberTrust root certificate will not be renewed by the Certification Authority, CyberTrust, Inc. Therefore, there are no software updates from Sun Microsystems, Inc., and you do not need to update your J2SE releases for this expiration

OK, let's see if we have this one straight. The GTE CyberTrust root certificate will expire February 23, 2006. GTE will no longer issue certs. So, when going to a website after that date, a website that may or not be malicious or have been hacked by a malicious individual , one is supposed to know if the java applet that is attempting to load is to be trusted or not.
Pray tell Sun, how would one determine that ?

What's galling is that they absolve themselves of any responsibility in this matter.

Therefore, there are no software updates from Sun Microsystems, Inc., and you do not need to update your J2SE releases for this expiration

EXCUSE ME ? Didn't we go down this road before when a Java certificate expired in July and those who had APC Powerchute Business UPS' found out that the Windows Installer would not function due to this ?
I do not know for certain that the same issue will arise again, but telling people to determine for themselves whether they should trust running Java inside of Sun's J2SE just shows once again, Sun's UTTER CONTEMPT FOR THE SECURITY of J2SE Users. Since it's almost impossible to find a link to contact the Java development team, perhaps it's best for concerned Users of Sun's J2SE to contact security-alert@sun.com to express their opinions in this matter.

Posted by MowGreen at 10:55 PM | | Comments (1) | TrackBacks (0)