36 posts in this topic

Posted

[font=georgia,serif][b][size=5]Critical Java zero-day bug is being

Share this post


Link to post
Share on other sites

Posted

Good ole NoScript and disabling Java Plugin in my browser (Y)

Share this post


Link to post
Share on other sites

Posted

Figures it's Java...

Share this post


Link to post
Share on other sites

Posted

No sign of this "massively exploited" here in Norway where everyone has to have java. shrug.

Share this post


Link to post
Share on other sites

Posted

Whoa wait wait is this exploit accessible only over Java or also over Javascript? I'm a newb when it comes to these things but I have Java disabled in Firefox so I guess I'm fine^^

Share this post


Link to post
Share on other sites

Posted

Friends don't let friends install Java.
5 people like this

Share this post


Link to post
Share on other sites

Posted

[quote name='SkyDX' timestamp='1357909315' post='595447266']
Whoa wait wait is this exploit accessible only over Java or also over Javascript? I'm a newb when it comes to these things but I have Java disabled in Firefox so I guess I'm fine^^
[/quote]

Java only.

JavaScript is different.

Share this post


Link to post
Share on other sites

Posted

[quote name='Dot Matrix' timestamp='1357909489' post='595447272']
Friends don't let friends install Java.
[/quote]

Everyone I know it seems has discovered Minecraft so Java is back again XD
1 person likes this

Share this post


Link to post
Share on other sites

Posted

Nothing wrong with Java... just don't let it anywhere near a browser is all. Wouldn't want my browser having access to a C compiler either.
1 person likes this

Share this post


Link to post
Share on other sites

Posted

I got hit by this darn thing last night going to Houzz.com (a major house renovation site) and I have to have java due to work *grumbles* thanks work..... good thing I have an image of my system to restore from easily

went to the site screen went blank after a second then some pay up to the FBI because you are using copyright images crap that you can't get rid of without a ton of work

Share this post


Link to post
Share on other sites

Posted

Honestly, i think malware writers have another 50 vulns figured out, and theyre just using 1 at a time and will always be ahead of the game, with java. Im so paranoid about it I only run my java apps in a VM lol(yes i know some malware can escape still).

Share this post


Link to post
Share on other sites

Posted

Why is java always a security hole.

Share this post


Link to post
Share on other sites

Posted

[quote name='DrakeN2k' timestamp='1357911898' post='595447374']
Why is java always a security hole.
[/quote]

Because millions use it. and it's a popular thing to whine abotu java security, instead of al the browser security holes and such.

Share this post


Link to post
Share on other sites

Posted

Glad I. banished the jabba runtime enviornment to a single vm with Cisco cp. Wouldn't install it on a production machine
No idea why developers and companies like Cisco use this trash.
2 people like this

Share this post


Link to post
Share on other sites

Posted

[quote name='DrakeN2k' timestamp='1357911898' post='595447374']
Why is java always a security hole.
[/quote]
Because it's ass.

Share this post


Link to post
Share on other sites

Posted

Does this affect the JDK?

Share this post


Link to post
Share on other sites

Posted

Not only because a lot of people use but also because it's something that too many people never update.

Everytime I get a relatives PC to fix it has usually been blown wide open because of a Java exploit. It seems like it's just too easy to get into peoples systems through Java regardless of whether it's a zero day bug or not.

Share this post


Link to post
Share on other sites

Posted

[quote name='GarakObama' timestamp='1357925442' post='595447822']
Not only because a lot of people use but also because it's something that too many people never update.

Everytime I get a relatives PC to fix it has usually been blown wide open because of a Java exploit. It seems like it's just too easy to get into peoples systems through Java regardless of whether it's a zero day bug or not.
[/quote]

All the more reason to kill it with fire, burn the remains, and shun anyone who says otherwise.

Share this post


Link to post
Share on other sites

Posted

i only use java for minecraft anymore so i've gotten to the point where I only use the portable version of Java that's available on portableapps.com

Share this post


Link to post
Share on other sites

Posted

[quote name='GarakObama' timestamp='1357925442' post='595447822']
Not only because a lot of people use but also because it's something that too many people never update.

Everytime I get a relatives PC to fix it has usually been blown wide open because of a Java exploit. It seems like it's just too easy to get into peoples systems through Java regardless of whether it's a zero day bug or not.
[/quote]

This isn't always an option see cisco cp and sdm

Share this post


Link to post
Share on other sites

Posted

Since Java and flash are so widely exploited but still required in the browser for various reasons (such as SDM and YouTube), the "click to play" feature in Chrome and Firefox adds a nice extra layer of protection. When enabled, you can selectively enable specific plugins (or all plugins) for any web page or website. That way you can still use plugins without worrying about them being exploited by any random, potentially malicious website.

To enable click to play in Chrome, go to Wrench->Settings->Show advanced settings...->Content settings..., check the "Click to play" box under the "Plugins" heading, and restart your browser.

To enable click to play in Firefox, open a new tab, type "about:config" in the address box, type "click_to_play" in the "Search:" filter, change the setting value to true, and restart your browser.

Share this post


Link to post
Share on other sites

Posted

[quote name='neufuse' timestamp='1357910053' post='595447302']
I got hit by this darn thing last night going to Houzz.com (a major house renovation site) and I have to have java due to work *grumbles* thanks work..... good thing I have an image of my system to restore from easily

went to the site screen went blank after a second then some pay up to the FBI because you are using copyright images crap that you can't get rid of without a ton of work
[/quote]

Sandboxie FTW.

I've been preaching the dangers of java for over a year.

December 16th 2011
Java! Uninstall It, Update it, or bend over and grab the ketchup!
[url="http://www.neowin.net/forum/topic/1045727-java-uninstall-it-update-it-or-bend-over-and-grab-the-ketchup/"]http://www.neowin.ne...ab-the-ketchup/[/url]

A few months ago I went to a persons house to help them with something after my competitor removed malware from their machine. Not sure why they called me, after he worked on it (Probably because he doesn't do house calls and doesn't do any remote assistance). Anyway, as I was going through the machine I noticed that he not only left java on the machine after cleaning up the malware but left an out of date version. Effectively he left the door wide open that the malware came into to begin with. It would NOT surprise me, if he didn't know the dangers of java.

Share this post


Link to post
Share on other sites

Posted

i guess this one has ended up being the final straw, I'm now seeing everywhere even major companies saying don't use java unless you absolutely have too. even Apple has blocked java 7 in OSX apparently

Share this post


Link to post
Share on other sites

Posted

Unfortunately, there's allot of people that *must* use Java (for financial apps, for example), so uninstalling isn't really a solution. At all.

Oracle should put more assets to make Java more secure.

Share this post


Link to post
Share on other sites

Posted

[quote name='Praetor' timestamp='1358014955' post='595449888']
Unfortunately, there's allot of people that *must* use Java (for financial apps, for example), so uninstalling isn't really a solution. At all.

Oracle should put more assets to make Java more secure.
[/quote]that's why I use this http://portableapps.com/apps/utilities/java_portable and http://portableapps.com/apps/utilities/java_portable_launcher

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.