JAVA Attack
- Amskeptic
- IAC "Help Desk"
- Status: Offline
JAVA Attack
Not looking good. Malicious computer hijacking possible through infected website secret code dump.Recommended to shut off JAVA, (browser applets) no known fix at this time EVEN THOUGH JAVA claims that 7.11 is good. Some sites have even suggested that repair may take up to two years.
What have you heard?
Colin
http://bits.blogs.nytimes.com/2013/01/1 ... necessary/
What have you heard?
Colin
http://bits.blogs.nytimes.com/2013/01/1 ... necessary/
BobD - 78 Bus . . . 112,730 miles
Chloe - 70 bus . . . 217,593 miles
Naranja - 77 Westy . . . 142,970 miles
Pluck - 1973 Squareback . . . . . . 55,600 miles
Alexus - 91 Lexus LS400 . . . 96,675 miles
Chloe - 70 bus . . . 217,593 miles
Naranja - 77 Westy . . . 142,970 miles
Pluck - 1973 Squareback . . . . . . 55,600 miles
Alexus - 91 Lexus LS400 . . . 96,675 miles
- Westy78
- IAC Addict!
- Location: Stumptown OR
- Status: Offline
Re: JAVA Attack
Looks like Oracle has addressed the problem with an update available today. I use Firefox as my default browser and have Java disabled.
http://www.npr.org/blogs/thetwo-way/201 ... sabling-it
http://www.npr.org/blogs/thetwo-way/201 ... sabling-it
Chorizo, it's what's for breakfast.
- Amskeptic
- IAC "Help Desk"
- Status: Offline
Re: JAVA Attack
Westy78 wrote:Looks like Oracle has addressed the problem with an update available today.
http://www.npr.org/blogs/thetwo-way/201 ... sabling-it
That's what I thought too,
Oracle addressed the security threat by releasing Java SE 7 update 11. The company provides instructions on how to update the software patch on its website.
Although it appears that the software vulnerability has been fixed, there may still be bugs in the software.
Reuters reports that Adam Gowdiak, Java security expert at Security Explorations, says Oracle's update leaves "several critical security flaws" unfixed.
"We don't dare to tell users that it's safe to enable Java again," Gowdiak told Reuters.
In a statement given to CBS News, Security Exploration elaborated on the possible security flaw.
Although Java 7 Update 11 released by Oracle yesterday addresses the 0-day attack spotted in the wild, there are still unpatched security vulnerabilities that affect the most recent version of the software. Just to mention the bug #50 we reported to Oracle on 25-Sep-2012.
That doesn't necessarily mean users should skip the software update. Kurt Baumgartner, senior security researcher at Kaspersky Lab, tells CBSNews.com that it appears that Oracle fixed the issue at hand, but there are always going to be flaws in software.
"No one is going to guarantee 100 percent on any issue, but they are taking care of the issue at hand," Baumgartner said, adding that it's unnecessary, and to a certain extent unrealistic, for all users to disable Java.
Last year Kaspersky Labs found that 50 percent of all cyber attacks last year using software bugs were done by exploiting a hole in Java. Baumgartner posits that one of the security risks is that Oracle may know about a software vulnerability, but may not release a patch in time to protect users.
BobD - 78 Bus . . . 112,730 miles
Chloe - 70 bus . . . 217,593 miles
Naranja - 77 Westy . . . 142,970 miles
Pluck - 1973 Squareback . . . . . . 55,600 miles
Alexus - 91 Lexus LS400 . . . 96,675 miles
Chloe - 70 bus . . . 217,593 miles
Naranja - 77 Westy . . . 142,970 miles
Pluck - 1973 Squareback . . . . . . 55,600 miles
Alexus - 91 Lexus LS400 . . . 96,675 miles
- Westy78
- IAC Addict!
- Location: Stumptown OR
- Status: Offline
Re: JAVA Attack
Huh. I guess it's better to just leave it disabled for the time being. I've disabled it in the "Java Control Panel" under the advanced tab in the computer control panel for "Mozilla Family" and "Microsoft Internet Explorer" for now. I wonder if I can still use my online banking without it?
Chorizo, it's what's for breakfast.
- Amskeptic
- IAC "Help Desk"
- Status: Offline
Re: JAVA Attack
I had no idea how ubiquitous this "Java" stuff is. Even the folders on this site went dead, so did the buttons up there, like "quote" I had to manually enter.Westy78 wrote:Huh. I guess it's better to just leave it disabled for the time being. I've disabled it in the "Java Control Panel" under the advanced tab in the computer control panel for "Mozilla Family" and "Microsoft Internet Explorer" for now. I wonder if I can still use my online banking without it?
Stupid new world. They got us over the barrel. "you agree to allow us to share information about your browser experience . . . . "
BobD - 78 Bus . . . 112,730 miles
Chloe - 70 bus . . . 217,593 miles
Naranja - 77 Westy . . . 142,970 miles
Pluck - 1973 Squareback . . . . . . 55,600 miles
Alexus - 91 Lexus LS400 . . . 96,675 miles
Chloe - 70 bus . . . 217,593 miles
Naranja - 77 Westy . . . 142,970 miles
Pluck - 1973 Squareback . . . . . . 55,600 miles
Alexus - 91 Lexus LS400 . . . 96,675 miles
- Westy78
- IAC Addict!
- Location: Stumptown OR
- Status: Offline
Re: JAVA Attack
The quote button still works on my end with Java disabled.? But yeah, Java is in way more than you think.
Chorizo, it's what's for breakfast.
- Amskeptic
- IAC "Help Desk"
- Status: Offline
Re: JAVA Attack
Might be my Chrome settings, I am on "full paranoid".Westy78 wrote:The quote button still works on my end with Java disabled.? But yeah, Java is in way more than you think.
Colin
BobD - 78 Bus . . . 112,730 miles
Chloe - 70 bus . . . 217,593 miles
Naranja - 77 Westy . . . 142,970 miles
Pluck - 1973 Squareback . . . . . . 55,600 miles
Alexus - 91 Lexus LS400 . . . 96,675 miles
Chloe - 70 bus . . . 217,593 miles
Naranja - 77 Westy . . . 142,970 miles
Pluck - 1973 Squareback . . . . . . 55,600 miles
Alexus - 91 Lexus LS400 . . . 96,675 miles
- tristessa
- Trusted Air-Cooled Maniac
- Location: Uwish Uknew, Oregon
- Status: Offline
Re: JAVA Attack
There's a difference between Java and JavaScript. All of the forum functions (at least the ones *I* see) are in JavaScript.
This isn't to say that JavaScript can't be used for malicious things (that's been going on for years), but it's a different thing altogether from the current Java vulnerability.
This isn't to say that JavaScript can't be used for malicious things (that's been going on for years), but it's a different thing altogether from the current Java vulnerability.
Remember, only YOU can prevent narcissism!
- Amskeptic
- IAC "Help Desk"
- Status: Offline
Re: JAVA Attack
I deleted everything with the name JAVA to await the new improved shouldabintightfromthegitgo JAVA update.tristessa wrote:There's a difference between Java and JavaScript. All of the forum functions (at least the ones *I* see) are in JavaScript.
This isn't to say that JavaScript can't be used for malicious things (that's been going on for years), but it's a different thing altogether from the current Java vulnerability.
Colin
(how 'bout that Boeing Dreamliner, huh?)
BobD - 78 Bus . . . 112,730 miles
Chloe - 70 bus . . . 217,593 miles
Naranja - 77 Westy . . . 142,970 miles
Pluck - 1973 Squareback . . . . . . 55,600 miles
Alexus - 91 Lexus LS400 . . . 96,675 miles
Chloe - 70 bus . . . 217,593 miles
Naranja - 77 Westy . . . 142,970 miles
Pluck - 1973 Squareback . . . . . . 55,600 miles
Alexus - 91 Lexus LS400 . . . 96,675 miles
- zabo
- Old School!
- Location: earth
- Contact:
- Status: Offline
Re: JAVA Attack
yea no need for that - its like pulling off your plug wires because your glovebox is broken
http://www.nbcnews.com/technology/techn ... -1B8000547Sophos Security notes that understandably, some users mistakenly think turning off Java also turns off JavaScript, which controls the look and feel of Web pages.
"Most modern websites make heavy use of JavaScript, so these people are worried that sites such as Facebook, Twitter ... will be pretty much useless if they follow our 'turn Java off' advice," writes Paul Ducklin of Sophos Security on the company's blog Wednesday.
"Turning off Java will not turn off JavaScript," he says.
60 beetle
78 bus
78 bus
- RSorak 71Westy
- IAC Addict!
- Location: Memphis, TN
- Contact:
- Status: Offline
Re: JAVA Attack
They came out with a JAVA update a few days ago that was supposed to fix the problem. But then the next day the discoverers of the original flaw announced that it was just as broke as before.....so still be careful, till the next update comes out.
Take care,
Rick
Stock 1600 w/dual Solex 34's and header. mildly ported heads and EMPI elephant's feet. SVDA W/pertronix. 73 Thing has been sold. BTW I am a pro wrench have been fixing cars for living for over 30 yrs.
Rick
Stock 1600 w/dual Solex 34's and header. mildly ported heads and EMPI elephant's feet. SVDA W/pertronix. 73 Thing has been sold. BTW I am a pro wrench have been fixing cars for living for over 30 yrs.
- Amskeptic
- IAC "Help Desk"
- Status: Offline
Re: JAVA Attack
I have had three blue screens of death in the past two days. Event 2003 Category 102RSorak 71Westy wrote:They came out with a JAVA update a few days ago that was supposed to fix the problem. But then the next day the discoverers of the original flaw announced that it was just as broke as before.....so still be careful, till the next update comes out.
Colin
BobD - 78 Bus . . . 112,730 miles
Chloe - 70 bus . . . 217,593 miles
Naranja - 77 Westy . . . 142,970 miles
Pluck - 1973 Squareback . . . . . . 55,600 miles
Alexus - 91 Lexus LS400 . . . 96,675 miles
Chloe - 70 bus . . . 217,593 miles
Naranja - 77 Westy . . . 142,970 miles
Pluck - 1973 Squareback . . . . . . 55,600 miles
Alexus - 91 Lexus LS400 . . . 96,675 miles