47717768 (banned) join:2003-12-08 Birmingham, AL |
47717768 (banned)
Member
2013-Jan-11 9:22 pm
Feds warn PC users to disable JavaThe Department of Homeland Security is urging computer users to disable or uninstall the Java programming language because of a serious security vulnerability. » www.ksdk.com/news/local/ ··· d=356669This is why i do not have Sun Java installed on my system. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
|
|
|
to 47717768
Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability," the warning adds. I have read 2-3 posts all about java but this is the first time I have read about other applications also. |
|
BlackbirdBuilt for Speed Premium Member join:2005-01-14 Fort Wayne, IN
1 recommendation |
Blackbird
Premium Member
2013-Jan-12 11:55 am
said by dandelion:Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability," the warning adds. I have read 2-3 posts all about java but this is the first time I have read about other applications also. I think the reasoning is that certain Microsoft application software like Office have built-in 'features' that invoke IE to display certain web-residing information within the application software itself, so that a user who never ordinarily uses IE may still be exposed to the Java vulnerability if the exploits exist within pages that IE silently opens. I did a couple of hours of researching this before finally uninstalling Java last night from the last of my systems that still had it. In the course of doing the research, I read a great number of reports about this and earlier Java exploits. Somewhere in all of that (unfortunately, I lost the reference, though I did write down the details) was information that shutting off Java from within IE's 'Add-on' control panel, etc. was only sufficient to block IE from employing Java's ActiveX in a normal IE user browsing session. It was not sufficient to block IE's invoking of Java's ActiveX software when IE was being used in the background by an external program like Office. To block that path, the report indicated that either/both jp2iexp.dll and/or npjpi170_06.dll files also needed to be directly disabled in the c:\program files\java\jdk7\bin folder. Whether all such pathways could be totally blocked by using the Java Control Panel browsing-block setting was never addressed. Rather than mess around any further with Java uncertainties, workarounds, patches, and perpetually-recurring security nightmares, I elected to simply uninstall Java on the remaining system and see if anyone here actually notices its absence. If they do and resulting complaints are loud, I'll cross that bridge when I come to it... |
|
CartelIntel inside Your sensitive data outside Premium Member join:2006-09-13 Chilliwack, BC 1 edit |
to 47717768
This is probably good for 300-400 million computers that wouldn't otherwise be vulnerable. Upgrade link takes you to the install java page. 60-70% users are clicking that up guaranteed. |
|
onDvineGrown up Flower Child Premium Member join:2005-01-29 So. CA, USA 2 edits |
onDvine
Premium Member
2013-Jan-12 1:20 pm
I ran into that page yesterday along with a list of plugins that weren't up to date. Felt forced to update Java so I did but used WinPatrol to disable/remove everything possible afterwards. Am not sure the out of date plugins are worth messing with. I don't use IE and never accepted the EULA for applications in Windows Live Essentials 2011. Edit: I just disabled the two plugins with "Java" in their names. 2nd Edit: Didn't have Java before Oracle took advantage of my ignorance and tricked me into that download. Nothing I do needs it. Uninstalled using Add/Remove Programs and searched for/deleted everything Java created when it installed. Sneaky! |
|
CartelIntel inside Your sensitive data outside Premium Member join:2006-09-13 Chilliwack, BC
1 recommendation |
Cartel
Premium Member
2013-Jan-12 1:26 pm
said by onDvine:I ran into that page yesterday along with a list of plugins that weren't up to date.
Felt forced to update Java so I did but used WinPatrol to disable/remove everything possible afterwards. Am not sure the out of date plugins are worth messing with. I don't use IE and never accepted the EULA for applications in Windows Live Essentials 2011. I rest my case. |
|
Phoenix22Death From Above Premium Member join:2001-12-11 SOG C&C Nrth |
to Name Game
|
|
1 recommendation |
to Cartel
Wrong! |
That Mozilla "Check Your Plugins" page is misleading. I do not have Java installed at all, and yet I get the same "we've disabled it, please update" message. |
|
HA Nut Premium Member join:2004-05-13 USA |
to 47717768
I find this warning strangely funny. I work in an industry that REQUIRES federal reporting and the only way to report is via an online Java application... |
|
2 recommendations |
to no__1__here
said by no__1__here:That Mozilla "Check Your Plugins" page is misleading. I do not have Java installed at all, and yet I get the same "we've disabled it, please update" message. I'd be distinctly unamused if Mozilla took it upon itself to disable Java or anything else. It's their right to warn me, it's not their right to reach out and do it for me. |
|
1 recommendation |
Better question is...is Firefox phoning home to Mozilla all the time like Chrome does with Google? I mean how else are they able to control the Click to Play feature and determine what's 'bad' for us to run. |
|
|
I have Java 7 u10 for IE 8 and Firefox 10ESR. How do I disable them in the browser only?
I still need Java for OFFLINE programs though. |
|
|
chrisretusnRetired Premium Member join:2007-08-13 Philippines
1 recommendation |
to 47717768
How many times have a seen this phrase in a security advisory? quote: can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system,
Insert your favorite program before the phrase. Me? I've decided to disable Windows, that will teach em. |
|
|
This java exploit affects linux, OSX,Unix as well. Not just Windows based OS. |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
Mele20
Premium Member
2013-Jan-13 7:58 am
Yeah...well Apple must have juice with Oracle because they have access to a newer version of Java that doesn't have the vulnerability and they are having all their users install it. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
said by Mele20:Yeah...well Apple must have juice with Oracle because they have access to a newer version of Java that doesn't have the vulnerability and they are having all their users install it. They are disabling it..» www.macrumors.com/2013/0 ··· -threat/Where did you get your info there is a newer version? |
|
DataDocMy avatar looks like me, if I was 2D. Premium Member join:2000-05-14 Hedgesville, WV |
to scottp99
This, and the links shown, might help: » nakedsecurity.sophos.com ··· browser/ |
|
pandora Premium Member join:2001-06-01 Outland |
to chrisretusn
said by chrisretusn:How many times have a seen this phrase in a security advisory? quote: can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system,
Insert your favorite program before the phrase. Me? I've decided to disable Windows, that will teach em. How does not using Windows secure you from this problem? |
|
therube join:2004-11-11 Randallstown, MD |
to kickass69
quote: is Firefox phoning home to Mozilla all the time like Chrome does with Google? I mean how else are they able to control the Click to Play feature and determine what's 'bad' for us to run.
blocklist.xml contains a list of add-ons that Mozilla considers to be harmful to the user (contains security vulnerabilities, adversely affects browsing experience, etc.). Any installed add-on on the block list will be disabled and any attempt to install an add-on on the block list will result in an error. (Additionally, there has to be more to it then just that, some interaction with C2P, in this case, but I'm not sure what.) |
|
|
to Name Game
said by Name Game:Where did you get your info there is a newer version? I wouldn't be surprised if the version number of Java for Apple machines is higher (or lower). That may, or may not, mean anything. After all Google (with Chrome) and Microsoft (with IE10) have different numbers for their embedded Adobe Flash Player. There was a time when version numbers meant something. These days not so much. For example look at Mozilla Firefox. They bump a major version every month or so. |
|
deke40deke40 Premium Member join:2003-01-23 Texas |
to scottp99
said by scottp99:I have Java 7 u10 for IE 8 and Firefox 10ESR. How do I disable them in the browser only?
I still need Java for OFFLINE programs though. Don't know if you got this answered or not. Go to the Control Panel and click on the Java icon and then Security. |
|
|
|
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to StuartMW
said by StuartMW:said by Name Game:Where did you get your info there is a newer version? I wouldn't be surprised if the version number of Java for Apple machines is higher (or lower). That may, or may not, mean anything. After all Google (with Chrome) and Microsoft (with IE10) have different numbers for their embedded Adobe Flash Player. There was a time when version numbers meant something. These days not so much. For example look at Mozilla Firefox. They bump a major version every month or so. I read this in one of the security articles. I'll see if I can find it again. The article's author may have been misinformed but said that Apple, contrary to what was being bandied about the internet, was not disabling Java but instead requiring users to update Java to a brand new version not yet publicly available. I wasn't confused by the difference in numbering for Apple vs Windows but perhaps the author of the comment could have been. |
|
|
StuartMW
Premium Member
2013-Jan-13 8:01 pm
said by Mele20:I wasn't confused by the difference in numbering for Apple vs Windows but perhaps the author of the comment could have been. FYI I was saying it is possible. I don't know for sure. Besides » JAVA 7u11 now available for download |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
Mele20
Premium Member
2013-Jan-13 8:29 pm
Yeah... I see it is out so makes this all sort of moot.
Not sure I will install it though with all the reports of the Java registry key missing in the new version and thus Java won't work in Fx. |
|
|
to 47717768
I just got prompted that Java needed an update...
(build 1.7.0_11-b21) |
|
La LunaFly With The Angels My Beloved Son Chris Premium Member join:2001-07-12 New Port Richey, FL 1 edit |
La Luna
Premium Member
2013-Jan-13 9:47 pm
NM, my mistake. |
|
La Luna 1 edit |
to Jan Janowski
NM, my mistake. |
|
|
baess
Member
2013-Jan-13 10:00 pm
|
|