 StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2
 ·CenturyLink
| reply to Name Game
Re: Feds warn PC users to disable Java said by Name Game:Where did you get your info there is a newer version?
I wouldn't be surprised if the version number of Java for Apple machines is higher (or lower). That may, or may not, mean anything. After all Google (with Chrome) and Microsoft (with IE10) have different numbers for their embedded Adobe Flash Player.
There was a time when version numbers meant something. These days not so much. For example look at Mozilla Firefox. They bump a major version every month or so.
--
Don't feed trolls--it only makes them grow! |
|
|
|
 deke40Premium
join:2003-01-23
Texas
 ·Comcast
| reply to scottp99
said by scottp99:I have Java 7 u10 for IE 8 and Firefox 10ESR.
How do I disable them in the browser only?
I still need Java for OFFLINE programs though.
Don't know if you got this answered or not.
Go to the Control Panel and click on the Java icon and then Security. |
|
| Scottp99 - Just go to the US Cert site.
»www.kb.cert.org/vuls/id/625617
»www.java.com/en/download/help/di···wser.xml |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to StuartMW
said by StuartMW:said by Name Game:Where did you get your info there is a newer version?
I wouldn't be surprised if the version number of Java for Apple machines is higher (or lower). That may, or may not, mean anything. After all Google (with Chrome) and Microsoft (with IE10) have different numbers for their embedded Adobe Flash Player. There was a time when version numbers meant something. These days not so much. For example look at Mozilla Firefox. They bump a major version every month or so. I read this in one of the security articles. I'll see if I can find it again. The article's author may have been misinformed but said that Apple, contrary to what was being bandied about the internet, was not disabling Java but instead requiring users to update Java to a brand new version not yet publicly available. I wasn't confused by the difference in numbering for Apple vs Windows but perhaps the author of the comment could have been.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 Reviews:
·CenturyLink
| said by Mele20:I wasn't confused by the difference in numbering for Apple vs Windows but perhaps the author of the comment could have been. FYI I was saying it is possible. I don't know for sure.
Besides
»JAVA 7u11 now available for download
--
Don't feed trolls--it only makes them grow! |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | Yeah... I see it is out so makes this all sort of moot.
Not sure I will install it though with all the reports of the Java registry key missing in the new version and thus Java won't work in Fx.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
| reply to Oleg
I just got prompted that Java needed an update...
(build 1.7.0_11-b21)
--
Looking for 1939 Indian Motocycle |
|
 La LunaSurvived AshrafulPremium
join:2001-07-12
Warwick, NY
kudos:3
1 edit | NM, my mistake. |
|
La LunaSurvived AshrafulPremium
join:2001-07-12
Warwick, NY
kudos:3
1 edit | reply to Jan Janowski
NM, my mistake. |
|
| 4 hours ago or so
»JAVA 7u11 now available for download |
|
La LunaSurvived AshrafulPremium
join:2001-07-12
Warwick, NY
kudos:3 | Boy, I need to go to bed. I thought he meant there was ANOTHER update! Whew, thanks for clearing that up! 
--
The Alien in the White House
20,196 DEADLY TERROR ATTACKS SINCE 9/11 |
|
 DustynPremium
join:2003-02-26
Ontario, CAN
kudos:10 | No worries... there will be soon enough.  |
|
| reply to Mele20
It works and shows up just fine over here running Firefox 18. |
|
 SeleniaI love DebianPremium
join:2006-09-22
Lanesboro, MA
kudos:2 | reply to pandora
said by pandora:said by chrisretusn:How many times have a seen this phrase in a security advisory?
quote:
can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system,
Insert your favorite program before the phrase. Me? I've decided to disable Windows, that will teach em.  How does not using Windows secure you from this problem? It might. One thing is using the openjdk and openjre. I avoid proprietary where open source works well. Many times, it works better(adapting to rapid software updates, etc) if the functions you need are supported. I breathed a sigh of relief when the support for my laptop's graphics chipset by the open source radeon driver matured enough to use it full time. No more fglrx hell(ATI/AMD's proprietary linux 3D graphicsdriver) of worrying that upgrades would break it or that it would not like particular software or configs. That being said, I use Java a lot and the openjre has supported everything I do well. So far, no security bulletins regarding this that I can find.
--
A fool thinks they know everything.
A wise person knows enough to know they couldn't possibly know everything.
There are zealots for every OS, like every religion. They do not represent the majority of users for either. |
|
| reply to Mele20
said by Mele20:Yeah...well Apple must have juice with Oracle because they have access to a newer version of Java that doesn't have the vulnerability and they are having all their users install it.
Last I remember Apple writes their own Java implementation just as they do with their video drivers. |
|
 chrisretusnRetiredPremium
join:2007-08-13
Philippines
kudos:1 | reply to pandora
said by pandora:said by chrisretusn:How many times have a seen this phrase in a security advisory?
quote:
can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system,
Insert your favorite program before the phrase. Me? I've decided to disable Windows, that will teach em. How does not using Windows secure you from this problem? It doesn't. You missed my point. That phrase (quoted above) is is used for a lot of software vulnerabilities including Microsoft ones, yet I don't recall being advised or encouraged by CERT or other security advisories to disable or remove Windows.
It was a bit of humor too.
Lot of folks jumping on the I don't run, removed it, never used it, band wagon. Well I've never been one to follow trends, no plans on following this one. I need Java for programs I use and some web sites I use also use Java. So Java stays.
For what it's worth, I have OpenJDK installed on this particular machine (Running Slackware64) and the IcedTea-Web Plugin with my browser (Firefox). I have other machines (a mix of operating systems) that have Oracle Java installed. I am not all that concerned about this latest "threat" as I seriously doubt I will be bothered by it.
--
Chris
Living in Paradise!! |
|
pandoraPremium
join:2001-06-01
Outland
kudos:1 Reviews:
 ·Google Voice
·Comcast
·ooma
·Future Nine Corp..
| said by chrisretusn:For what it's worth, I have OpenJDK installed on this particular machine (Running Slackware64) and the IcedTea-Web Plugin with my browser (Firefox). I have other machines (a mix of operating systems) that have Oracle Java installed. I am not all that concerned about this latest "threat" as I seriously doubt I will be bothered by it.
Thanks for the response, I understand your post better.
This does bring up another question ... is the opensource Java product vulnerable to any of the exploits Java currently is?
--
"If you put the federal government in charge of the Sahara Desert, in 5 years there'd be a shortage of sand." - Milton Friedman" |
|
chrisretusnRetiredPremium
join:2007-08-13
Philippines
kudos:1 | Based on Vulnerability Note VU#625617 - Java 7 fails to restrict access to privileged code - No. There are some Java vulnerabilities that affect both. Example: Vulnerability Note VU#636312 - Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField() fail to restrict access to privileged code
--
Chris
Living in Paradise!! |
|
pandoraPremium
join:2001-06-01
Outland
kudos:1 Reviews:
·Google Voice
·Comcast
·ooma
·Future Nine Corp..
| I ran a google search for OpenJDK exploit within the past week, and encountered this - »security.stackexchange.com/quest···-icedtea Java 7 and OpenJDK share a lot of common code, so, as a general rule, security issues in Java 7 also apply to OpenJDK. In that specific case, it seems that the vulnerability was reported in the Debian OpenJDK package, so yes, they are vulnerable. See this question on another stackexchange site. Since Oracle seems to have fixed their JDK, chances are that the same fix will appear in OpenJDK in a few hours or days.
If a lot of code is shared with the open Java and proprietary Java, it'd be tough for me to get warm fuzzies about either product.
Also here - »ubuntuforums.org/showthread.php?p=12452828
--
"If you put the federal government in charge of the Sahara Desert, in 5 years there'd be a shortage of sand." - Milton Friedman" |
|
 DownTheShoreHelp Moore OklahomaPremium
join:2003-12-02
Beautiful NJ
kudos:12
·Verizon Online DSL
| reply to Oleg
The problem was severe enough for the firm to release an emergency patch -- Java 7 Update 11 -- over the weekend. However, security experts have warned that the changes do not go far enough.
Security researcher Adam Gowdiak from Security Explorations has been keeping an eye on the software flaws in Java over the past year. Once Gowdiak analyzed the latest update to Java, he found that the patch still leaves a number of "critical security flaws," according to Reuters. This statement, mirrored by AlienVault Labs' Jaime Blasco who branded Oracle's offering as a "mess," was later reinforced by the firm's recommendation against using the software.
"We don't dare to tell users that it's safe to enable Java again," Gowdiak commented » www.zdnet.com/security-experts-o···cid=e539----------------------- I notice that Pale Moon has disabled the Java (TM) Platform but it still leaves the Java Deployment Toolkit enabled in its Add-ons Manager. Should both be disabled? What does the Deployment Toolkit do? --
Patriotism is not waving a flag, it is living the ideals
I want to retire to the Isle of Sodor and ride the trains.
|
|
