Growth hacking. These are now available for use by governments and private entities as well as the scientific community. However, it is not clear how realistic these threats are.
Earlier this month, the APG responding to Stanford University's push for blocking the use of the CVEs' identifiers by hackers and malicious programmers, said "The APG has shown that it is impossible for the CSE (component of the Security Engineering Policy) to prevent attacks on Java-based security systems. As a result, APG will increase its efforts to protect the Java Virtual Machine (JVM) codebase from disruptive threats against the Java platform itself."
Gartner researcher John Buchholz, in an interview with Wired, said that it's worth noting that it took just 20 years to, in fact, come to fear the realization that the CBEs would be used by malware to take over the Java computers running the Java software.
The US Center for Law & Technology, whose report on the CSA was released last week, also highlighted the pervasiveness of the threat posed by the CBA, saying that these two CBE identifier portions are "accessed through the SSL/TLS protocols and (in a specific configuration) that could allow an attacker to discover and affect the security of a user's computer via login or email," the CFAA suggests.
Apple has thus far prevented the CBBs from accessing certain Apple apps, but the company has also acknowledged that its WiFi settings are at risk.
In a further note to its customers, Apple said that "the CBA may have in the future accessed through JPE (Apple's Java Platform Environment) code, including keystroke and title commands."
The CSA also warns of the dangers of collecting, retrieving, or reusing personal information stored on the servers of a "secure cloud" "in a manner that cannot be easily retrieved and corroborated by other systems." And it notes that "a person is likely to be automatically connected to an unsecured web service that is e-mail, web-based email, or other communications services."