dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
906
share rss forum feed


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

1 recommendation

New holes discovered in latest Java versions

quote:
26 February 2013 - Security Explorations has informed Oracle of two new vulnerabilities in Java, "issue 54" and "issue 55", which it says can be combined to completely bypass Java's sandbox security. Adam Gowdiak, researcher at Security Explorations, told Softpedia that the problems are specific to Java 7 SE versions, and allow abuse of the Reflection API in Java, "in a particularly interesting way".
Ful article - The H Security


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3

1 recommendation

Similar thread here: »Java: Same Old Same Old



FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

1 recommendation

reply to chachazz

As fast as Java can patch existing exploits, new exploits pop up.



angussf
Premium
join:2002-01-11
Tucson, AZ
kudos:4

1 recommendation

reply to chachazz

Note that these are all browser-based. If you need java for an application, you can just disable java in your browser.

If you need java for just a few websites, you can use jPortable from portableapps.com along with a portable browser.


redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable
reply to chachazz

"oracle" is arguing that one of the vulnerabilities isn't actually a vulnerability, which suggest that they will not address it.. adam gowdiak says that if oracle refuses to patch the vulnerability, he will release the code for the exploit.. then, i suppose, oracle will have to patch it..

»seclists.org/fulldisclosure/2013/Feb/135


SpHeRe31459

join:2002-10-09
Sacramento, CA
kudos:2

Wow WTF Oracle, they have such a freakin' attitude. The gall of those guys... when multiple white hat security experts are telling them of issues and they just dismiss them. Wait until the guys who aren't wearing the white hats get on these holes...

Makes me miss when Sun was still its own company, LOL, and Sun wasn't much better...


jupitermoon

join:2011-09-27
reply to angussf

said by angussf:

Note that these are all browser-based. If you need java for an application, you can just disable java in your browser.

According to this InfoWorld article, there is no reliable way to disable Java in Internet Explorer:

»www.infoworld.com/t/web-browsers···k-211220


angussf
Premium
join:2002-01-11
Tucson, AZ
kudos:4

said by jupitermoon:

said by angussf:

Note that these are all browser-based. If you need java for an application, you can just disable java in your browser.

According to this InfoWorld article, there is no reliable way to disable Java in Internet Explorer:

»www.infoworld.com/t/web-browsers···k-211220

Which is why you shouldn't use IE as your primary browser. If you use it, use it only for those relatively few sites where Java is required.

Or better yet set up a portable browser (Chrome, Firefox) with jPortable from PortableApps.com.
--
Angus S-F
GeoApps, Tucson, Arizona, USA
»geoapps.com/
»www.linkedin.com/in/angussf
»geoapps.blogspot.com/

rdhw

join:2002-09-21
Cambridge UK

1 recommendation

reply to jupitermoon

said by jupitermoon:

there is no reliable way to disable Java in Internet Explorer:

See »support.microsoft.com/kb/2751647
"How to disable the Java web plug-in in Internet Explorer"
--
Robin Walker


Robotics
See You On The Dark Side
Premium
join:2003-10-23
Louisa, VA

1 edit

said by rdhw:

said by jupitermoon:

there is no reliable way to disable Java in Internet Explorer:

See »support.microsoft.com/kb/2751647
"How to disable the Java web plug-in in Internet Explorer"

I go there and get this:

Sorry, the page you requested is not available.

EDIT...guess everyone is going there. Now I can access the page minutes later from first trying.
--
Long you live and high you fly, and smiles you'll give and tears you'll cry,
and all you touch and all you see, is all your life will ever be.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

Working for me.


jupitermoon

join:2011-09-27
reply to rdhw

said by rdhw:

See »support.microsoft.com/kb/2751647
"How to disable the Java web plug-in in Internet Explorer"

Guess you didn't read the InfoWorld article!

"Microsoft has released KB article 2751647, which describes how to disable the Java plug-in for Internet Explorer. However, we have found that due to the multitude of ways that Java can be invoked in Internet Explorer, their guidance (as well as our prior guidance) does not completely disable Java."

"The Microsoft instructions kill about 20 Java CLSIDs. The CERT method kills almost 800 of them."

Velnias

join:2004-07-06

1 recommendation

reply to chachazz

Boring.

News should be "Today no holes discovered in latest Java version"