dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
10286
share rss forum feed


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to jabarnut

Re: Warning: 0-Day vulnerability in Java 7

Yes well you're "Light Years Away"
--
Don't feed trolls--it only makes them grow!



jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2

Correct.



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

Guess that the guys behind Java had an "Oh shit!" moment and thought that maybe, just maybe, this deserved an out-of-band update contrary to their normal standard operating procedures.



jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2

1 edit

I hear you...and their "standard operating procedures" were not too often for sure.
Glad they were on top of this one.
--
I had a life once.....now I have a Computer and a Modem.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by jabarnut:

Glad they were on top of this one.

Hopefully someone here will "take one for the team" and will visit a known exploit site. Then we'll know for sure if Oracle "did good".
--
Don't feed trolls--it only makes them grow!


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2

Excellent suggestion! And since you're the one who suggested it, you're elected.
--
I had a life once.....now I have a Computer and a Modem.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by jabarnut:

...you're elected.

Thank you for your kind offer but I respectfully decline

For whatever reason there have been a ton of software/firmware updates (for software I use) today. It's been non-stop.
--
Don't feed trolls--it only makes them grow!


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2

Lol..no problem, Stuart. Hell, I don't want to test it either.
I'll do what I usually do. Just sit around and observe, and see if anyone else has problems in the near future.
--
I had a life once.....now I have a Computer and a Modem.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

Well this old Lemming has seen others (and even tried when younger) "jump" but now prefers to watch the less wise do so
--
Don't feed trolls--it only makes them grow!



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to chachazz

ACK



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to siljaline

These posted in the ARS Article or this via Brian Krebs, should get everyone patched that needed patching.



DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1
reply to chachazz

Thanks. Emergency deployment begins tomorrow AM.



norwegian
Premium
join:2005-02-15
Outback

1 recommendation

reply to siljaline

Ta.

Download: »www.oracle.com/technetwork/java/···dex.html



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Mele20

said by Mele20:

Opera is as bad as Mozilla. I am not allowed to use version 6 on it.

No wonder I use IE8 more these days...I'm forced to as version 6 works fine on it.

With the update today...you can still get a version 6 that they have available and it is patched also for the problem.

posted that info here.

»Re: Java 7 update7 released today to patch zero day vulnabilty
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12

1 edit
reply to Name Game

 

Thats a good test!!!

Thank you... I find JAVA works better than flash! (Not as CPU intensive,etc)



EDIT:

It says my DL speed is 1.98Megs which i think is way off!!



I think the results from this one are more accurate

»www.computers4sure.com/speed.asp

Says my DL is 2386k



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by Dude111:

I think the results from this one are more accurate

Not for me. It told me 2740.1 Kbps which is way low.

I typically get 10.3Mbps from this site.

»www.speedtest.net




Even C/Net's test gave me 7,333Kbps.

»webservices.cnet.com/bandwidth/
--
Don't feed trolls--it only makes them grow!


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to norwegian

Re: Warning: 0-Day vulnerability in Java 7

Ta, norwegian See Profile


mysec
Premium
join:2005-11-29
kudos:4
reply to jabarnut

said by jabarnut:

Glad they were on top of this one.


Oracle knew about currently exploited Java vulnerabilities for months, researcher says
»www.techworld.com.au/article/435···er_says/

Oracle knew since April about the existence of the two unpatched Java 7 vulnerabilities that are currently being exploited in malware attacks, according to Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations.

Security Explorations reported 19 Java 7 security issues to Oracle on Apr. 2. Those issues included the two zero-day -- unpatched -- vulnerabilities that attackers are exploiting to infect computers with malware, Gowdiak said Wednesday via email.

According to a status report received on Aug. 23 from Oracle, the company was planning to fix the two vulnerabilities in its October Critical Patch Update (CPU), together with 17 other Java 7 flaws reported by Security Explorations, Gowdiak said.

Oracle releases security patches every four months. The last Java CPU was released in June and only addressed 3 of the security issues reported by Polish security firm.

"Although we stay in touch with Oracle and the communication process has been quite flawless so far, we don't know why Oracle left so many serious bugs for the Oct. CPU," Gowdiak said.

Oracle did not immediately return a request for comment regarding the vulnerability reports received from Security Explorations.



----
rich

mysec
Premium
join:2005-11-29
kudos:4
reply to SipSizzurp

said by SipSizzurp:

I would assume that my Faronics Anti-Executable would deny execution of the malicious code, but would my Anti-Executable also interfere with legitimate Java activity ? ( sorry for the hijack...)


I have JAVA whitelisted for just one site, and Anti-Executable doesn't interfere at all, because in legitimate JAVA activity, a non-whitelisted executable doesn't come into the picture, so there is nothing for Anti-Executable to alert to.


----
rich

mysec
Premium
join:2005-11-29
kudos:4
reply to StuartMW

said by StuartMW:

Hopefully someone here will "take one for the team" and will visit a known exploit site. Then we'll know for sure if Oracle "did good".


IMHO, a better test of my security would be to see if protection in place would prevent the exploit from running, without a patch in place.

If my security includes whitelisting plugins per site, then the exploit doesn't run if I am redirected to, or otherwise hit upon a booby-trapped site not white listed.

Below, the source code shows the malicious JAR file but it can't execute if the plugin is not enabled, so the page just sits there and does nothing:




This is reinforced from that JAVA check site:




(Newer versions of browsers include the option to be notified anytime a plugin is asked to run. This will alert to any attempt to exploit a plugin by remote code execution -- aka "drive-by")

Finally, as another poster mentioned, these exploits download a binary executable file, so, protection for that in place takes care of that possibility. Here, an old exploit against v.6:




I'm reminded of an article from almost 6 years ago now:

An Ounce of Prevention
»www.infosec.co.uk/ExhibitorLibra···tion.pdf

This approach [white listing] can effectively eliminate the need to patch in emergency mode. Malicious code by default is not on the white list which means that enterprises can rest assured that their exposed software vulnerabilities are safe from potential exploitation, enabling their IT staff to work proactively to develop scheduled patch deployments rather than being in a constant state of emergency.




----
rich


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2
reply to chachazz

I get a kick out of this. On one of my XP Machines after going back to the 'test site' that was posted earlier
»zulu.zscaler.com/research/java_version.html

I get the following:



Guess everything is all better now.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

I got the same result but I wouldn't be worried
--
Don't feed trolls--it only makes them grow!



jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2

In the famous words of Alfred E. Neuman:

"What, me worry?"



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

quote:
Don't Worry, Be Happy

-Bobby McFerrin

»www.youtube.com/watch?v=yHFDa9efCQU

--
Don't feed trolls--it only makes them grow!

EdmundGerber

join:2010-01-04
kudos:1

1 recommendation

reply to Mele20

said by Mele20:

So, is Mozilla now allowing use of version 6? I had TO STOP using Java on Fx because of them not allowing version 6.

Fx is not Chrome. Mozilla has no business telling me what I can and cannot use on my browser. They are much worse now than Microsoft. HYPOCRITES also since they caved to Melih but now try and say how much they protect their users. BS.

Mozilla so far seems to be the only browser maker talking about this, and actually coming up with workarounds. And for that they are terrible?

Yes - Mozilla is terrible. Please stop using their products immediately.*

*Because we're tired of your constant derailment of every frigging thread!


therube

join:2004-11-11
Randallstown, MD

1 recommendation

(oops. looks like I should have really replied to Mele.)

Since when couldn't you use 6 in Mozilla?
I can, I have & have had it.

There have been times when Mozilla has blocked either extensions/plugins outright, or for particular version that have known vulnerabilities.

So yes, they may very well block Java 1.7u01 to 1.7u06, forcing you to go to 1.7u07.

Actually they do something just like that.

- <pluginItem blockID="p119">
  <match name="name" exp="Java\(TM\) Plug-in 1\.(6\.0_(\d|[0-2]\d?|3[0-2])|7\.0(_0?([1-4]))?)([^\d\._]|$)" /> 
  <match name="filename" exp="libnpjp2\.so" /> 
  <versionRange severity="1" /> 
  </pluginItem>
- <pluginItem blockID="p125">
  <match name="name" exp="Java\(TM\) Platform SE ((6( U(\d|([0-2]\d)|3[0-2]))?)|(7(\sU[0-4])?))(\s[^\d\._U]|$)" /> 
  <match name="filename" exp="npjp2\.dll" /> 
  <versionRange severity="1" /> 
  </pluginItem>
 

If I had a problem with that, & the stupidity to do so, I could work around it.


therube

join:2004-11-11
Randallstown, MD

1 recommendation

reply to chachazz

quote:
Lastly, starting this week in Aurora and Beta we’ll begin adding the components of click-to-play, a Firefox security control that helps protect users against outdated and vulnerable plugins. We anticipate this new security feature to be fully operational by Firefox 18.

Note that currently, Java blockage looks to be broken in NoScript, in Aurora/Beta, so do not count on that.
You can enable (the Mozilla preference) plugins.click_to_play in about:config.


fritz43

join:2004-03-14
Wheeling, WV
reply to JALevinworth

From How-to Geek:

"As usual, theres yet another security hole in the Java Runtime Environment, and if you dont disable your Java plugin, youre at risk for being infected with malware. Heres how to do it.

Security holes are nothing new, but in this case, the security hole is really bad, and theres no telling when Oracle will get around to fixing the problem. Plus, how often do you really need Java while browsing the web? Why keep it around?
Should You Disable Java or Uninstall it?

Ideally, both. Otherwise:

If you dont rely on any applications that use Java, and you dont visit any sites that require Java in the browser, you should just completely remove the entire framework from your computer.
If you use applications that require Java, you should disable the plugin in the browser.
If you are forced to use Java in the browser for a specific site, you should disable Java in your main browser, and then use an alternate browser just for that one single site.

For regular users, theres very little reason to keep Java around.

Note: many readers pointed out that the fun and extremely geeky game Minecraft requires Java. Obviously if youre a geek, you deserve some Minecraft�€“but you should still disable the Java plugin in the browser.
How to Uninstall Java Entirely

Just like anything else, you need to head to Control Panel �€“> Uninstall Programs and uninstall it from there. Find anything else that has Java, JRE, JDK, or anything similar, and click the Uninstall button�€”it is completely free, so you can easily reinstall it if you really have to."

Agree? Disagree?
--
Help stamp out hate; and haters.



kickass69

join:2002-06-03
Lake Hopatcong, NJ
reply to jabarnut

Click for full size
Yet mine shows what it should about the 0-day exploit.

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable
reply to therube

said by therube:

Note that currently, Java blockage looks to be broken in NoScript, in Aurora/Beta, so do not count on that.
You can enable (the Mozilla preference) plugins.click_to_play in about:config.

therube, do you think that the problem with noscript's not blocking "java" is only when using "noscript" with "aurora", which, i assume, is a beta version of "firefox"? or, is "noscript" not blocking "java" at all, regardless of which version of "firefox" one is using? or, you don't know?