More on the Java holes

[gem () RSTCORP COM (Gary McGraw)]

This will be a bit of "yadda yadda" for bugtraq folk, but
whatever.

My posting from yesterday did not place proper emphasis on just how
dangerous port scanning can be.  Just for the record, port scanning is
*very bad* since you might be able to discover things like weak
sendmails listening on port 25.

Microsoft considered the second attack enough of a problem to release
a patch.  MSIE users should go get it.  Major Malfunction and Ben
Laurie have performed a valuable service in helping to educate Web
users of the risks of executable content.  My posting is not meant to
discredit their work, just to nip any hysteria in the bud by trying to
explain what they have done clearly.

                                Gary McGraw
*------------------------------------------------------------------*
|  Dr. Gary McGraw      gem () rstcorp com   |              (__)      |
|-----------------------------------------|              (oo)      |
|  Research Scientist                     |       /-------\/       |
|  Reliable Software Technologies (RST)   |      / |     ||        |
|  Sterling, VA                           |     *  ||----||        |
|  <http://www.rstcorp.com/~gem>          |        ^^    ^^        |
*------------------------------------------------------------------*