Exported thinkings

I've had some fun following (from the sidelines) the results of the CanSecWest "PWN to OWN" contest. There's clearly a problem, there may or may not be an exploit in the (malicious) wild, and 3COM's Zero Day Initiative has the full information (which I fully expect they've shared with Apple by now). It'll be interesting to see how long it takes to fix this, and what exactly becomes public about how the exploit works. In the meantime, as it seems like browser Java is the vector used, I'm wondering how many people are now turning off Java in their browsers (and, of course, if that really matters).