New Java security bug discovered

Researchers at the University of Washington have discovered another security bug in Java, Sun's Internet programming language. This bug allowshackers to retrieve data from a user's computer using their Java-enabled Web browser. Fortunately, the bug only affects Sun's HotJava browser, notInternet Explorer or Navigator, the two most popular Web browsers. According to the researchers, the bug is only found in the Java SDK version1.1.2, which has yet to be integrated into the more popular Web browsers.

Sun has confirmed the existence of the bug but is downplaying its significance since IE and Netscape users are unaffected.

"Our security model is very good and our implementation is getting better,"said Marianne Mueller, a security engineer at Sun. "To me, that's differenta from situation where you don't even have a security model." She was referring to ActiveX, of course, though no one is sure what that has to do with this bug. More importantly, if Sun's "implementation" is gettingbetter, why does this bug affect their latest SDK and not any of the older versions