Fun with malware
I've had a fun time in the last 24 hours with a piece of malware that managed to install itself via Firefox and a Java applet. Breezed straight in, installed a nasty IE toolbar and hijacked IE.
Having poked and prodded extensively, the security hole was in Java, and was fixed between Java 1.4.1_01 (which I was using yesterday) and Java 1.4.2_05 (which I'm using now).
Moral: If you have Java enabled in Mozilla/Firefox on Windows, update to the latest Java Runtime right now unless you like the idea of websites being able to execute arbitrary code on your machine.
Having poked and prodded extensively, the security hole was in Java, and was fixed between Java 1.4.1_01 (which I was using yesterday) and Java 1.4.2_05 (which I'm using now).
Moral: If you have Java enabled in Mozilla/Firefox on Windows, update to the latest Java Runtime right now unless you like the idea of websites being able to execute arbitrary code on your machine.