Announcement

Collapse
No announcement yet.

Zero-Day Java Exploit

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Zero-Day Java Exploit

    Just an FYI for those not plugged into the tech community.

    There is a fairly serious exploit for the current Java version (number 7), all patch levels, including fully current.

    So, if you have Java 7 installed on your system, you should disable it in your web and email browsers.

    The exploit works by using special html pages to run programs on your system. Either you visit a page that has the code (or has been hacked and had the code added) or you open an email with the same.

    To disable it in Firefox or Thunderbird, you go to Tools > Add Ons > Plug Ins - find the one called Java Platform and disable it.

    There's not a lot out there that still uses Java, and if you really must access a site with it that you know is clean, you can try going through Chrome, which whitelists plug-ins by site as opposed to universally.

    Info at Ars Technica

    ^-.-^
    Faith is about what you do. It's about aspiring to be better and nobler and kinder than you are. It's about making sacrifices for the good of others. - Dresden

  • #2
    Eep. Just disabled it for now. Thanks muchly for the news!
    1129. I will refrain from casting Dimension Jump and Magnificent Mansion on every police box we pass.
    -----
    http://orchidcolors.livejournal.com (A blog about everything and nothing)

    Comment


    • #3
      There's an update on the article about how it's been seen active in the wild by Kaspersky Labs being used in online ads. So even if the site you're visiting is trusted, it's possible for them to end up being served an ad that is not.

      ^-.-^
      Faith is about what you do. It's about aspiring to be better and nobler and kinder than you are. It's about making sacrifices for the good of others. - Dresden

      Comment


      • #4
        Everyone should nuke Java. From orbit. It's the only way to be sure.

        Comment


        • #5
          So, Oracle released an update for Java. 7.11

          It makes java-required sites not work at all. >_<

          So, if you can use Java in you browser now, don't update or it'll become non-existent as far as your browser is concerned.

          And, because of the way Java works in the browser, you can't back up, either.

          So, if you're a user of Pogo or other game sites that use Java to work, you don't want to update to the current version. Considering how big EA is, however, Oracle should have a fix to fix this fix (which didn't actually fix the last fix) soon.

          ^-.-^
          Faith is about what you do. It's about aspiring to be better and nobler and kinder than you are. It's about making sacrifices for the good of others. - Dresden

          Comment


          • #6
            I've been wondering lately what use Java is these days. Thanks for the tip, Andara!
            "And though she be but little, she is FIERCE!"--Shakespeare

            Comment


            • #7
              We've disabled it on all the Firefox browsers in the company I work for. Nobody has really noticed.

              However, there is one site I visit that uses java, so I run that through Chrome, which wants an ok for every load of the applet. Which is annoying, but works well enough.

              In the meantime, if I want to use java-based browser stuff at home, I'm reduced to running IE. >_<

              ^-.-^
              Faith is about what you do. It's about aspiring to be better and nobler and kinder than you are. It's about making sacrifices for the good of others. - Dresden

              Comment


              • #8
                I have Java, it's on my installed programs list, but I go on Chrome and it's not on my list of plug-ins. I went on Firefox and it's not on the list of plug-ins.

                So...what do I do since I have it installed but it doesn't show up as a plug-in anywhere?

                Edit: Went on IE, the never used browser and turned off what Java is on there. Just not sure about Chrome and Firefox since it's not showing up on those two browsers.
                Last edited by Greenday; 01-22-2013, 11:24 PM.
                "I've found that when you want to know the truth about someone, that someone is probably the last person you should ask." - House

                Comment


                • #9
                  If you have the latest version of Java or if you have never used the Java plug-in, you won't have Java on either Firefox or Chrome. And Firefox actually disabled Java for their browser recently.

                  It's worth noting that the Java plug-in and Java are not precisely the same thing, and it's only the plug-in that was said to be at risk.

                  ^-.-^
                  Faith is about what you do. It's about aspiring to be better and nobler and kinder than you are. It's about making sacrifices for the good of others. - Dresden

                  Comment


                  • #10
                    Ok, good, then I'm safe.
                    "I've found that when you want to know the truth about someone, that someone is probably the last person you should ask." - House

                    Comment

                    Working...
                    X