dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
9
share rss forum feed


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2
reply to StuartMW

Re: Warning: 0-Day vulnerability in Java 7

Ah, thanks, Stuart.
Like I said, it's been a long day. (Not really myself). Well, I'm never really myself.
--
I had a life once.....now I have a Computer and a Modem.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
Yes well you're "Light Years Away"
--
Don't feed trolls--it only makes them grow!


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2
Correct.


trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2
Guess that the guys behind Java had an "Oh shit!" moment and thought that maybe, just maybe, this deserved an out-of-band update contrary to their normal standard operating procedures.


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2

1 edit
I hear you...and their "standard operating procedures" were not too often for sure.
Glad they were on top of this one.
--
I had a life once.....now I have a Computer and a Modem.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
said by jabarnut:

Glad they were on top of this one.

Hopefully someone here will "take one for the team" and will visit a known exploit site. Then we'll know for sure if Oracle "did good".
--
Don't feed trolls--it only makes them grow!


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2
Excellent suggestion! And since you're the one who suggested it, you're elected.
--
I had a life once.....now I have a Computer and a Modem.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
said by jabarnut:

...you're elected.

Thank you for your kind offer but I respectfully decline

For whatever reason there have been a ton of software/firmware updates (for software I use) today. It's been non-stop.
--
Don't feed trolls--it only makes them grow!


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2
Lol..no problem, Stuart. Hell, I don't want to test it either.
I'll do what I usually do. Just sit around and observe, and see if anyone else has problems in the near future.
--
I had a life once.....now I have a Computer and a Modem.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3

1 recommendation

Well this old Lemming has seen others (and even tried when younger) "jump" but now prefers to watch the less wise do so
--
Don't feed trolls--it only makes them grow!

mysec
Premium
join:2005-11-29
kudos:4
reply to jabarnut
said by jabarnut:

Glad they were on top of this one.


Oracle knew about currently exploited Java vulnerabilities for months, researcher says
»www.techworld.com.au/article/435···er_says/

Oracle knew since April about the existence of the two unpatched Java 7 vulnerabilities that are currently being exploited in malware attacks, according to Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations.

Security Explorations reported 19 Java 7 security issues to Oracle on Apr. 2. Those issues included the two zero-day -- unpatched -- vulnerabilities that attackers are exploiting to infect computers with malware, Gowdiak said Wednesday via email.

According to a status report received on Aug. 23 from Oracle, the company was planning to fix the two vulnerabilities in its October Critical Patch Update (CPU), together with 17 other Java 7 flaws reported by Security Explorations, Gowdiak said.

Oracle releases security patches every four months. The last Java CPU was released in June and only addressed 3 of the security issues reported by Polish security firm.

"Although we stay in touch with Oracle and the communication process has been quite flawless so far, we don't know why Oracle left so many serious bugs for the Oct. CPU," Gowdiak said.

Oracle did not immediately return a request for comment regarding the vulnerability reports received from Security Explorations.



----
rich

mysec
Premium
join:2005-11-29
kudos:4
reply to StuartMW
said by StuartMW:

Hopefully someone here will "take one for the team" and will visit a known exploit site. Then we'll know for sure if Oracle "did good".


IMHO, a better test of my security would be to see if protection in place would prevent the exploit from running, without a patch in place.

If my security includes whitelisting plugins per site, then the exploit doesn't run if I am redirected to, or otherwise hit upon a booby-trapped site not white listed.

Below, the source code shows the malicious JAR file but it can't execute if the plugin is not enabled, so the page just sits there and does nothing:




This is reinforced from that JAVA check site:




(Newer versions of browsers include the option to be notified anytime a plugin is asked to run. This will alert to any attempt to exploit a plugin by remote code execution -- aka "drive-by")

Finally, as another poster mentioned, these exploits download a binary executable file, so, protection for that in place takes care of that possibility. Here, an old exploit against v.6:




I'm reminded of an article from almost 6 years ago now:

An Ounce of Prevention
»www.infosec.co.uk/ExhibitorLibra···tion.pdf

This approach [white listing] can effectively eliminate the need to patch in emergency mode. Malicious code by default is not on the white list which means that enterprises can rest assured that their exposed software vulnerabilities are safe from potential exploitation, enabling their IT staff to work proactively to develop scheduled patch deployments rather than being in a constant state of emergency.




----
rich