|
January 24, 2014, 04:36:13 PM |
|
Interesting reactions. I have not seen it in relation to bitcoin stuff but I know with absolute certainty that the scenario I proposed above is possible so "nope, never" is wishful thinking (at best). I have observed in the capacity of my work on multiple occasions, java applets that downloaded and ran executable files in windows, so if that is possible then what I have suggested above is possible. Believe whatever you like though.
Here is a version history for the current JRE (SE 7).
Release Release Date Highlights
Java SE 7 2011-07-28 Initial release. HotSpot VM 21 Java SE 7 Update 1 2011-10-18 20 security fixes, other bug fixes Java SE 7 Update 2 2011-12-12 No security fixes; HotSpot VM 22; reliability and performance improvements; support for Solaris 11 and Firefox 5 and later; JavaFX included with Java SE JDK, improvements for web-deployed applications Java SE 7 Update 3 2012-02-14 14 security fixes Java SE 7 Update 4 2012-04-26 No security updates; HotSpot VM 23; JDK Support for Mac OS X Java SE 7 Update 5 2012-06-12 14 security fixes Java SE 7 Update 6 2012-08-14 JavaFX and Java Access Bridge included in Java SE JDK and JRE installation, JavaFX support for touch-enabled monitors and touch pads, JavaFX support for Linux, JDK and JRE Support for Mac OS X, JDK for Linux on ARM Java SE 7 Update 7 2012-08-30 4 security fixes Java SE 7 Update 9 2012-10-16 30 security vulnerabilities fixes Java SE 7 Update 10 2012-12-11 New security features, such as the ability to disable any Java application from running in the browser and new dialogs to warn you when the JRE is insecure, and bug fixes Java SE 7 Update 11 2013-01-13 Olson Data 2012i, bugfix for problems with registration of plugin on systems with Stand-alone version of JavaFX Installed, security fixes for CVE-2013-0422; the default security level for Java applets and web start applications has been increased from "Medium" to "High" Java SE 7 Update 13 2013-02-01 50 security fixes Java SE 7 Update 15 2013-02-19 5 security fixes Java SE 7 Update 17 2013-03-04 2 security fixes Java SE 7 Update 21 2013-04-16 Multiple changes including 42 security fixes, a new Server JRE that doesn't include the plug-in, and the JDK for Linux on ARM Java SE 7 Update 25 2013-06-18 Multiple changes including 40 security fixes Java SE 7 Update 40 2013-09-10 New security features, hardfloat ARM, Java Mission Control and Retina Display support Java SE 7 Update 45 2013-10-15 51 security fixes, Protections against unauthorized redistribution of Java applications, Restore security prompts, JAXP changes, TimeZone.setDefault change. Java SE 7 Update 51 2014-01-14 36 security fixes
But as I say, believe what you like. As an experiment you could always go find a version of JRE 6 and then surf as many sketchy sites as you can find that use java and see how much malware you accumulate. And bitcoin related malware is becoming more common.
I also think some of these hacks are due to people downloading smart phone apps that have hidden malicious intent. My understanding is that most people don't pay much attention to the rights an app asks for when it is installed. So if you have a malicious app on your phone and you log into a bitcoin exchange or wallet, it wouldn't surprise me to hear that your coins got swiped.
|