User not logged in - login - register
Home Calendar Books School Tool Photo Gallery Message Boards Users Statistics Advertise Site Info
go to bottom | |
 Message Boards » » If you're running Java in your browser, reconsider Page [1]  
CarZin
patent pending
10527 Posts
user info
edit post

http://arstechnica.com/security/2013/01/critical-java-zero-day-bug-is-being-massively-exploited-in-the-wild/

A lot of buzz on this one.

1/10/2013 3:27:53 PM

jcgolden
Suspended
1394 Posts
user info
edit post

http://www.us-cert.gov/

thread is legit

1/10/2013 4:40:22 PM

ThePeter
TWW CHAMPION
37709 Posts
user info
edit post

Noscript

1/11/2013 9:31:35 PM

lewisje
All American
9196 Posts
user info
edit post

also click-to-play

also both Apple and Mozilla are disabling the plugin by default, hopefully Chrome and Opera and IE soon to follow

1/12/2013 12:59:04 AM

richthofen
All American
15758 Posts
user info
edit post

One does not realize how omnipresent javascript is until disabling it. Gmail? Can't use the standard interface. Facebook? Doesn't work at all. Even TWW has issues--try using the drop-down box to change sections. Nope.

I'm a little surprised there isn't a patch already. Perhaps the developers at Oracle don't work weekends.

1/13/2013 1:03:27 PM

llama
All American
841 Posts
user info
edit post

Java != javascript

1/13/2013 2:29:46 PM

lewisje
All American
9196 Posts
user info
edit post

^^Java isn't used much on the Web anymore; JavaScript was titled only to catch some of Java's cred as the "next big thing" when they both came out almost 2 decades ago.

1/13/2013 4:18:26 PM

richthofen
All American
15758 Posts
user info
edit post

Eh, good point. That's what I get for not paying attention.

[/technically inept]

1/13/2013 4:52:28 PM

lewisje
All American
9196 Posts
user info
edit post

yay they fixed it: http://nakedsecurity.sophos.com/2013/01/13/oracle-releases-cve-2013-0422-patch-for-java/

1/14/2013 2:04:19 AM

CapnObvious
All American
5057 Posts
user info
edit post

^From what I've heard, they mostly plastered over it to fix the current live exploits, but its still exploitable. Hackers will come out with a round 2, and who knows how long that will take to fix (or even notice).

Could just be some security guys tooting their own horn, though.

http://www.zdnet.com/security-experts-on-java-fixing-zero-day-exploit-could-take-two-years-7000009756/

1/14/2013 11:06:29 AM

dtownral
Suspended
26632 Posts
user info
edit post

any how-to's with pictures for family members to follow to turn off java?

1/14/2013 11:08:50 AM

Stimwalt
All American
15292 Posts
user info
edit post

Fix: http://java.com/en/download/index.jsp

[Edited on January 14, 2013 at 11:18 AM. Reason : -]

1/14/2013 11:17:46 AM

lewisje
All American
9196 Posts
user info
edit post

^^This is close (at least for turning off the plugin, the vulnerable part): http://nakedsecurity.sophos.com/2012/12/19/java-7-update-10-introduces-important-new-security-controls/

1/14/2013 11:22:16 AM

 Message Boards » Tech Talk » If you're running Java in your browser, reconsider Page [1]  
go to top | |
Admin Options : move topic | lock topic

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.
Powered by CrazyWeb v2.39 - our disclaimer.