It is currently Mon Oct 19, 2020 11:10 pm

All times are UTC




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 47 posts ]  Go to page 1, 2, 3, 4  Next
Author Message
PostPosted: Wed Aug 29, 2012 8:21 pm 
Offline
Obduction Backer

Joined: Sun Aug 08, 2010 2:14 pm
Posts: 808
Information: http://www.pcworld.com/businesscenter/article/261573/unpatched_java_vulnerability_exploited_in_blackholebased_attacks.html

To put things simply, Java 7 now comes with a critical, zero-day security issue which allows hijacking of your computer. Hackers now have an easy way to get into your machine.

The solution? Check if your Java is subject to the issue, and if it is, uninstall or disable it. The fix will probably won't come for a while, unless Oracle has a sudden change in its (black) heart.

_________________
Lyrositor


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed Aug 29, 2012 8:31 pm 
Offline

Joined: Tue Jan 11, 2011 9:26 pm
Posts: 2501
Location: Ontario, Canada
WOW! Thanks for the info! I have disabled my Java 7 plugin for now. Thankfully Java is not used much on the web.


Top
 Profile  
Reply with quote  
PostPosted: Wed Aug 29, 2012 8:42 pm 
Offline
Obduction Backer

Joined: Sun Aug 12, 2007 6:15 am
Posts: 587
Thanks for the heads-up on this, Lyros! Done, done and done (although the IE fix is NOT simple).

Lyrositor wrote:
The fix will probably won't come for a while, unless Oracle has a sudden change in its (black) heart.

Hate hearing this, as several of my own sites use Java elements :evil:


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed Aug 29, 2012 9:18 pm 
Offline

Joined: Fri Dec 29, 2006 7:27 am
Posts: 30
Location: Redmond, WA
In light of this news, it is a great time to double-check that your anti-virus/anti-malware solution reports it is running and fully up-to-date. Schedule a full scan of your computer if is has been awhile and, especially, if you use the Internet with any frequency.

After reviewing some details on this exploit, it does not seem that standalone applications that use Java (e.g. Minecraft) are necessarily affected at this time. It may, then, be sufficient to simply disable the Java applet in your browser rather than completely uninstalling the entire Java runtime. In this way, folks can continue to use these out-of-browser programs until such time as it is revealed the scope of this vulnerability has widened.

Of course, the rules continue to apply for running any software obtained on the Internet, Java-based or otherwise. Be sure it comes from a trusted source, and never run unsigned or unverifiable software in an elevated or administrator mode. (As a programmer with experience working for Microsoft, I can confidently state that it is truly a rare and exceptional case when software needs elevated permissions. Developers who insist otherwise are, at best, victims of poor and outdated programming habits and are, at worst, lazy and apethetic with regards to security.)


Top
 Profile  
Reply with quote  
PostPosted: Wed Aug 29, 2012 9:30 pm 
Offline

Joined: Fri Dec 29, 2006 7:27 am
Posts: 30
Location: Redmond, WA
Emor D'ni Lap wrote:
...although the IE fix is NOT simple...


Assuming folks are using a recent version of IE...
    1) Click on the Settings icon (looks like a gear) and choose "Manage add-ons"
    2) On the dialog that appears, select the option "Show All Add-ons" from the drop-down.
    3) Ensure the list is sorted by "Publisher"
    4) Scroll through the list and locate "Oracle America, Inc."
    5) Click on the header for Oracle, which should select all of the items underneath it
    -or- Manually select each item in the Oracle section.
    6) Press the "Disable all" button
(I will concede this is not "simple" per se, but it is hardly "complex". :-))


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed Aug 29, 2012 9:44 pm 
Offline
Obduction Backer

Joined: Tue May 09, 2006 4:41 pm
Posts: 1715
Location: South Georgia
Permanent Solution: Totally uninstall Java. Java is a tool of satan and a relic of the past at this point. It is obsoleted by modern languages not backed by corporate entities, such as Python.

_________________
Image


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed Aug 29, 2012 10:04 pm 
Offline

Joined: Tue Jan 11, 2011 9:26 pm
Posts: 2501
Location: Ontario, Canada
That a bad sulustion considering the number of applets and Java apps out their and considering that they are still people writing programs in Java. Also I should point out that Java is the "default" language for Android(although you can make native apps) and Blackberry.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed Aug 29, 2012 10:06 pm 
Offline

Joined: Fri Dec 29, 2006 7:27 am
Posts: 30
Location: Redmond, WA
I'm not a moderator, but we should probably move this language discussion to another thread, if we continue it at all.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Aug 30, 2012 12:13 am 
Offline
Obduction Backer

Joined: Sat May 21, 2011 2:18 pm
Posts: 286
Location: Ontario, Canada
Seraku wrote:
I'm not a moderator, but we should probably move this language discussion to another thread, if we continue it at all.


Since it doesn't really have anything to do with MOULa, this is the best and only thread for it.

_________________
Enter text here


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Aug 30, 2012 12:53 am 
Offline

Joined: Fri Dec 29, 2006 7:27 am
Posts: 30
Location: Redmond, WA
Ahlisendar wrote:
Seraku wrote:
I'm not a moderator, but we should probably move this language discussion to another thread, if we continue it at all.

Since it doesn't really have anything to do with MOULa, this is the best and only thread for it.

Sorry. I should have been more clear that I meant only to refer to the discussion about the merits/perils of programming languages that Adam and Jamie brought up. This thread started to make folks aware of the Java vulnerability, and I wouldn't want it to devolve into a potentially flame-ridden war over which programming language is better. I'm a developer, and I have met many developers. We can be very passionate (to phrase that delicately) over language preference. :-)


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Aug 30, 2012 1:44 pm 
Offline
Obduction Backer

Joined: Sat May 21, 2011 2:18 pm
Posts: 286
Location: Ontario, Canada
Seraku wrote:
Ahlisendar wrote:
Seraku wrote:
I'm not a moderator, but we should probably move this language discussion to another thread, if we continue it at all.

Since it doesn't really have anything to do with MOULa, this is the best and only thread for it.

Sorry. I should have been more clear that I meant only to refer to the discussion about the merits/perils of programming languages that Adam and Jamie brought up. This thread started to make folks aware of the Java vulnerability, and I wouldn't want it to devolve into a potentially flame-ridden war over which programming language is better. I'm a developer, and I have met many developers. We can be very passionate (to phrase that delicately) over language preference. :-)


Oh, I see. Like "a commentary on Uru photography".

_________________
Enter text here


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Aug 30, 2012 8:35 pm 
Offline
Obduction Backer

Joined: Tue May 09, 2006 1:46 am
Posts: 196
Location: In a Little House on the Prairie
Marking.

_________________
"Excuse me, this is not the world I ordered. Please take it away and bring me a fresh one."


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Aug 30, 2012 8:35 pm 
Offline
Former MystOnline Moderator

Joined: Fri Nov 10, 2006 3:05 pm
Posts: 4208
Location: 56°2'26", -3°20'28"
This is the only forum section that can accomodate a thread that isn't directly related to a Cyan product. I'd also caution against holding a debate about whether language A is better/worse than language B - these are wars that are never won and in any case this isn't a forum about programming languages.

However, it looks as if Oracle have moved on these vulnerabilities and have pushed out an update to address the issue: https://blogs.oracle.com/security/entry ... _cve_20121

_________________
Image Mac - MOULagain KI#00004826 00004289
In the interests of the environment, this post has been constructed entirely from recycled electrons.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Fri Aug 31, 2012 3:35 pm 
Offline

Joined: Tue Jan 11, 2011 9:26 pm
Posts: 2501
Location: Ontario, Canada
You can get the patches here:
http://www.oracle.com/technetwork/java/ ... 36413.html


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Sun Sep 02, 2012 5:08 pm 
Offline
Obduction Backer

Joined: Tue May 09, 2006 4:41 pm
Posts: 1715
Location: South Georgia
Despite the patch, there is still a security vulnerability. According to a slashdot commenter, there are 13 unpatched holes. I did not verify the latter however.

_________________
Image


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 47 posts ]  Go to page 1, 2, 3, 4  Next

All times are UTC


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to: