 OlegBellsouth FastaccessPremium
join:2003-12-08
Birmingham, AL
kudos:2 | Feds warn PC users to disable Java The Department of Homeland Security is urging computer users to disable or uninstall the Java programming language because of a serious security vulnerability.
»www.ksdk.com/news/local/story.as···d=356669
This is why i do not have Sun Java installed on my system. |
|
 Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | »Java is still exploitable and is likely going to remain so.. |
|
 dandelionPremium,MVM
join:2003-04-29
Germantown, TN
kudos:4
 ·Comcast
| reply to Oleg
Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability," the warning adds. I have read 2-3 posts all about java but this is the first time I have read about other applications also. |
|
 BlackbirdBuilt for SpeedPremium
join:2005-01-14
Fort Wayne, IN
kudos:3
 ·Frontier Communi..
| said by dandelion:Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability," the warning adds. I have read 2-3 posts all about java but this is the first time I have read about other applications also. I think the reasoning is that certain Microsoft application software like Office have built-in 'features' that invoke IE to display certain web-residing information within the application software itself, so that a user who never ordinarily uses IE may still be exposed to the Java vulnerability if the exploits exist within pages that IE silently opens.
I did a couple of hours of researching this before finally uninstalling Java last night from the last of my systems that still had it. In the course of doing the research, I read a great number of reports about this and earlier Java exploits. Somewhere in all of that (unfortunately, I lost the reference, though I did write down the details) was information that shutting off Java from within IE's 'Add-on' control panel, etc. was only sufficient to block IE from employing Java's ActiveX in a normal IE user browsing session. It was not sufficient to block IE's invoking of Java's ActiveX software when IE was being used in the background by an external program like Office. To block that path, the report indicated that either/both jp2iexp.dll and/or npjpi170_06.dll files also needed to be directly disabled in the c:\program files\java\jdk7\bin folder. Whether all such pathways could be totally blocked by using the Java Control Panel browsing-block setting was never addressed. Rather than mess around any further with Java uncertainties, workarounds, patches, and perpetually-recurring security nightmares, I elected to simply uninstall Java on the remaining system and see if anyone here actually notices its absence. If they do and resulting complaints are loud, I'll cross that bridge when I come to it... 
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville |
|
 Sindows 7
join:2006-09-13
Chilliwack, BC
kudos:2
·TekSavvy DSL
·Shaw
·TELUS
1 edit | reply to Oleg
This is probably good for 300-400 million computers that wouldn't otherwise be vulnerable.
Upgrade link takes you to the install java page.
60-70% users are clicking that up guaranteed. |
|
 onDvineDon't Litter. Spay-Neuter.Premium
join:2005-01-29
So. CA, USA
kudos:9
2 edits | I ran into that page yesterday along with a list of plugins that weren't up to date.
Felt forced to update Java so I did but used WinPatrol to disable/remove everything possible afterwards. Am not sure the out of date plugins are worth messing with. I don't use IE and never accepted the EULA for applications in Windows Live Essentials 2011.
Edit: I just disabled the two plugins with "Java" in their names.
2nd Edit: Didn't have Java before Oracle took advantage of my ignorance and tricked me into that download. Nothing I do needs it. Uninstalled using Add/Remove Programs and searched for/deleted everything Java created when it installed. Sneaky!  |
|
Sindows 7
join:2006-09-13
Chilliwack, BC
kudos:2 Reviews:
·TekSavvy DSL
·Shaw
·TELUS
| said by onDvine:I ran into that page yesterday along with a list of plugins that weren't up to date.
Felt forced to update Java so I did but used WinPatrol to disable/remove everything possible afterwards. Am not sure the out of date plugins are worth messing with. I don't use IE and never accepted the EULA for applications in Windows Live Essentials 2011.
I rest my case. |
|
 Phoenix22Death From AbovePremium
join:2001-12-11
SOG C&C Nrth
·Comcast Formerl..
| reply to Name Game
said by Name Game:http://www.dslreports.com/forum/r27898524-Java-is-still-exploitable-and-is-likely-going-to-remain-so.
good point .. |
|
Reviews:
·AT&T Southwest
| reply to Sindows 7
Wrong! |
|
|
 HA NutPremium
join:2004-05-13
USA | reply to Oleg
I find this warning strangely funny. I work in an industry that REQUIRES federal reporting and the only way to report is via an online Java application... |
|
| reply to no__1__here
said by no__1__here:That Mozilla "Check Your Plugins" page is misleading. I do not have Java installed at all, and yet I get the same "we've disabled it, please update" message.
I'd be distinctly unamused if Mozilla took it upon itself to disable Java or anything else. It's their right to warn me, it's not their right to reach out and do it for me. |
|
| Better question is...is Firefox phoning home to Mozilla all the time like Chrome does with Google? I mean how else are they able to control the Click to Play feature and determine what's 'bad' for us to run. |
|
| I have Java 7 u10 for IE 8 and Firefox 10ESR.
How do I disable them in the browser only?
I still need Java for OFFLINE programs though. |
|
|
|
 chrisretusnRetiredPremium
join:2007-08-13
Philippines
kudos:1 | reply to Oleg
How many times have a seen this phrase in a security advisory?
quote:
can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system,
Insert your favorite program before the phrase. Me? I've decided to disable Windows, that will teach em. 
--
Chris
Living in Paradise!! |
|
| This java exploit affects linux, OSX,Unix as well. Not just Windows based OS. |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | Yeah...well Apple must have juice with Oracle because they have access to a newer version of Java that doesn't have the vulnerability and they are having all their users install it.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | said by Mele20:Yeah...well Apple must have juice with Oracle because they have access to a newer version of Java that doesn't have the vulnerability and they are having all their users install it.
They are disabling it..»www.macrumors.com/2013/01/11/app···-threat/
Where did you get your info there is a newer version?
--
Gladiator Security Forum
»www.gladiator-antivirus.com/
|
|
 DataDocMy avatar looks like me, if I was 2D.Premium
join:2000-05-14
Greenville, NC | reply to scottp99
This, and the links shown, might help:
»nakedsecurity.sophos.com/2012/08···browser/ |
|
pandoraPremium
join:2001-06-01
Outland
kudos:1 Reviews:
 ·Google Voice
·Comcast
·ooma
·Future Nine Corp..
| reply to chrisretusn
said by chrisretusn:How many times have a seen this phrase in a security advisory?
quote:
can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system,
Insert your favorite program before the phrase. Me? I've decided to disable Windows, that will teach em. How does not using Windows secure you from this problem?
--
"If you put the federal government in charge of the Sahara Desert, in 5 years there'd be a shortage of sand." - Milton Friedman" |
|
 therube
join:2004-11-11
Randallstown, MD | reply to kickass69
quote:
is Firefox phoning home to Mozilla all the time like Chrome does with Google? I mean how else are they able to control the Click to Play feature and determine what's 'bad' for us to run.
blocklist.xml contains a list of add-ons that Mozilla considers to be harmful to the user (contains security vulnerabilities, adversely affects browsing experience, etc.). Any installed add-on on the block list will be disabled and any attempt to install an add-on on the block list will result in an error.
(Additionally, there has to be more to it then just that, some interaction with C2P, in this case, but I'm not sure what.) |
|
