
Linklist Premium join:2002-03-03 Longport, NJ kudos:5 | reply to Linklist
Re: [POLL] Do you use Java; disable it; or uninstall it ?
Mozilla has decided to add an automatic block of the Java plug-in in Firefox that can be overridden by the user on an individual use basis or a web site white list.
»thenextweb.com/apps/2013/01/11/f···ocklist/
Mozilla on Friday announced it has added Java 7 Update 9, Java 7 Update 10, Java 6 Update 37, and Java 6 Update 38 to its Firefox add-on block list, following yesterday's news of a new vulnerability. The critical security hole, which allows attackers to execute malicious software on a victim's machine, is currently being exploited in the wild and is also available in common exploit kits. Firefox users are protected by either existing plugin blocking or Click To Play defenses.
The Click To Play feature ensures that the Java plugin will not load unless a user specifically clicks to enable the plugin. This protects users against drive-by exploitation, one of the most common exploit techniques used to compromise vulnerable users. Click To Play also allows users to enable the Java plugin on a per-site basis if they absolutely need the Java plugin for the site. This feature is available as of Firefox 17.
-- A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.

Linklist Premium join:2002-03-03 Longport, NJ kudos:5
said by Linklist: Mozilla has decided to add an automatic block of the Java plug-in in Firefox that can be overridden by the user on an individual use basis or a web site white list.
Apple has now also blocked Java on the OS X platform:
»www.macrumors.com/2013/01/11/app···-threat/

Linklist Premium join:2002-03-03 Longport, NJ kudos:5
Security company knocks Oracle big time for not fixing problem completely when notified initially in Aug, 2012. And now says ransomware exploits are all Oracle's fault.
»thenextweb.com/insider/2013/01/1···somware/
according to Security Explorations, the security firm responsible for identifying most of the latest Java vulnerabilities. Back in late August 2012, the company informed Oracle about the insecure implementation of the Reflection API, dubbed Issue 32, and Oracle released a patch for it in October 2012, but the fix wasn't a complete one.
The zero-day code would not work if Issue 32 was properly addressed, Security Explorations CEO Adam Gowdiak told Softpedia.
We sent Oracle additional Proof of Concept code for Issue 32 that illustrated this exploitation vector in Sep 2012.
Cool Exploit Kit (CEK), already included the latest Java exploit. Before we dive in to how CEK is already being used to push ransomware... CEK has been used to distribute ransomware before, but now it's also using this latest Java vulnerability to do so. Trend Micro has detected the exploits in question as JAVA_EXPLOIT.RG and HTML_EXPLOIT.RG, as well as the ransomware payloads as Reveton (TROJ_REVETON.RG and TROJ_REVETON.RJ).

I use Firefox 18, which has Java blocked from running. If I absolutely need to run a Java app and completely trust the web site, I can open up an IE tab using an IE Tab addon to run it.