Just Get Rid of Java

Apparently there are security flaws in the current version of Java allowing the installation of malicious software through web browsers unknown to the user. The known attacks using this flaw work on Windows, OSX, and Linux. According to Reuters:

Java was responsible for 50 percent of all cyber attacks last year in which hackers broke into computers by exploiting software bugs, according to Kaspersky. That was followed by Adobe Reader, which was involved in 28 percent of all incidents. Microsoft Windows and Internet Explorer were involved in about 3 percent of incidents, according to the survey.

The Department of Homeland Security recently said computer users should disable Java. At first this seems odd. The vulnerability in question is only in Java 7. So why not go back to Java 6? Well, Java 6 has vulnerabilities too, which is why DHS and others have recommended getting to 7. Also, starting in 7, the automatic upgrades are more aggressive. So going backwards is probably not a great idea. (If just happens I had to go backwards to get a tool I needed to work and forgot to go back forward.)

Also, for a similar situation back in August the recommendation was to make the browser prompt before allowing Java to run. The strategy is just stop Java entirely. Apple has removed Java browser plugins. That could work too. Except for bad, bad software like ours (sorry, sarcasm if you could not tell) which makes use of a few applets. In the last week I have gotten a request to add another applet.

A fix to Java 7’s vulnerabilties should be available in a couple days.

GRE Cheating

Reuters had an interesting article on Chinese students gaming the GRE by setting up networks to share questions. Basically those who take the test post the questions online. Blogs and SEO ensures those seeking the questions can find them. Because ETS takes forever to ensure each question properly measures what it should, the questions are acquired faster than replaced.

Educational Testing Services places physical security on the tests to ensure the questions are not leaked by people acquiring copies of the test. Unfortunately, memorization of the questions is difficult to defeat this way.

Grade Point Average and tests like the GRE are common admission requirements to a graduate program. A high score becomes an obsession to students looking to attend their chosen program. The desperate seek any edge. Some people hire tutors or educational services who help learn how to take the tests. Bookstores carry study guides. Plenty of web sites offer advice.

The difference between legitimate assistance is the questions are not the real one. Studying the actual questions is crossing the line.

We see the same cheating behavior in other high stakes testing. The testing companies are have done such a great job making their tests the metric that a high score becomes so important people must have a good one. Therefore, defending the validity of the tests requires them to stay one step ahead of cheaters. Guess that is price of attaining the dream for a testing company.