homepage Welcome to WebmasterWorld Guest from 54.163.91.250
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
U.S. Warning Over Java Vulnerability
engine




msg:4535341
 5:24 pm on Jan 11, 2013 (gmt 0)

The U.S. Department of Homeland Security urged computer users to disable Oracle Corp's Java software, amplifying security experts' prior warnings to hundreds of millions of consumers and businesses that use it to surf the Web.

Hackers have figured out how to exploit Java to install malicious software enabling them to commit crimes ranging from identity theft to making an infected computer part of an ad-hoc network of computers that can be used to attack websites.

"We are currently unaware of a practical solution to this problem," the Department of Homeland Security's Computer Emergency Readiness Team said in a posting on its website late on Thursday.

U.S. Warning Over Java Vulnerability [reuters.com]
"This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered," the agency said. "To defend against this and future Java vulnerabilities, disable Java in Web browsers."


 

Sgt_Kickaxe




msg:4535353
 8:40 pm on Jan 11, 2013 (gmt 0)

Great - there goes a whole lot of casual visitors who will disable javaSCRIPT thinking they are the same. Firfox for example has an easy checkmark to turn off javascript in the options menu where you would typically look but turning off Java is in the addons menu :/

It is somewhat irresponsible of these sites to be posting this particular news without telling visitors HOW to turn off Java, imo.

blend27




msg:4535361
 10:34 pm on Jan 11, 2013 (gmt 0)

visitors who will disable javaSCRIPT

Haven't seen that since Sliced bread was invented. All you have to do is to provide that in details on your site, e.g. how to turn that back on.... <noscript />.

I totally understand the issue, but dont think it is of any alarm to regular sites with JS, unless you run client side Java applets(like 200 year old technology)..

Look at Goog for example or try to use Bing images without JS, completely different experience, I think now days more people understand, even on a Joe the Blocker level, what the diff is.

My personal opinion is the article written in complete Scare-Mongering style, which is what REUTERS does most of the time.... One of the reasons I quit reading Yahoo a while back, when they run news of Reuters.

Dinkar




msg:4535366
 10:54 pm on Jan 11, 2013 (gmt 0)

The best thing to do is remove java from your system unless you REALLY need it. It's heavy on your system without any real use.

thecoalman




msg:4535460
 9:54 am on Jan 12, 2013 (gmt 0)

I think now days more people understand, even on a Joe the Blocker level, what the diff is.


You're giving people far too much credit. The average computer user doesn't know and doesn't care and I can't blame them.

Me personally I have a new machine from October and haven't installed JAVA on it and probably won't. Truthfully I haven't had a reason to yet.

martinibuster




msg:4535495
 3:12 pm on Jan 12, 2013 (gmt 0)

Supposedly there's a fix coming on the 15th. The easiest solution at the moment is to disable the Java BHO in the browser until the patch is out. I ran a Kaspersky rescue disk on one of my older machines three days ago and it found two infected files in the Java program.

graeme_p




msg:4535635
 8:25 am on Jan 13, 2013 (gmt 0)

I have Java installed because I recently tried out some Java desktop apps, but I do not have a browser plugin.

The best thing to do is remove java from your system unless you REALLY need it. It's heavy on your system without any real use.


Make all plugins click to run. That way they di not use resources except when you need them.

incrediBILL




msg:4535636
 8:42 am on Jan 13, 2013 (gmt 0)

Why Oracle doesn't dump Java into a 100% stand alone foundation and just be a sponsor in order to quit getting named es the owner ever time Java runs into a bug totally baffles me.

Fine, they paid for Java, but it's such a liability isn't it time to just write it off the books and call it a wash?

They'd be much better off if they did IMO.

Dinkar




msg:4535669
 2:53 pm on Jan 13, 2013 (gmt 0)

Make all plugins click to run. That way they di not use resources except when you need them.

I guess, you mean to disable it. But it still takes some resources. And there is NO use of Java for me (and most of computer users) then why to keep it on the system?

I have Java installed because I recently tried out some Java desktop apps, but I do not have a browser plugin.
I am not 100% sure but I think it will automatically install the plugin. I think the browser plugin is part of the installation. Check your browser to verify it.
Hoople




msg:4535801
 2:49 am on Jan 14, 2013 (gmt 0)

Oracle has come out with a patch for this latest Java security hole.

Java 7 Update 11 fixes both CVE-2013-0422 and a second vulnerability. D/L at [java.com ]

No detail of fix at Java DOT com but [nakedsecurity.sophos.com ] has a good summary.

super70s




msg:4535815
 4:08 am on Jan 14, 2013 (gmt 0)

I guess, you mean to disable it. But it still takes some resources. And there is NO use of Java for me (and most of computer users) then why to keep it on the system?


If you're into Internet Scrabble the stand-alone "wordbiz" app is a .jar file, otherwise I probably wouldn't have much use for it.

ergophobe




msg:4535826
 6:15 am on Jan 14, 2013 (gmt 0)

The best thing to do is remove java from your system


What if you run NetBeans, Eclipse or a zillion other Java-based apps? I think they mean you should disable Java in the browser, not on your computer in general, no?

Dinkar




msg:4535831
 6:39 am on Jan 14, 2013 (gmt 0)

What if you run NetBeans, Eclipse or a zillion other Java-based apps? I think they mean you should disable Java in the browser, not on your computer in general, no?

I don't know what they mean. But I know what I mean. I want to say -

1. If you are NOT using anything that need Java then uninstall it from your system. You should do same thing with any other software that you are NOT using.

2. Most of people don't need Java as they don't use any Java-based apps. And most of them don't know how to disable it in their browsers.

graeme_p




msg:4535891
 11:17 am on Jan 14, 2013 (gmt 0)

I guess, you mean to disable it. But it still takes some resources. And there is NO use of Java for me (and most of computer users) then why to keep it on the system?


I mean click to run, and for all plugin, not just Java. FOr example I need flash BBC Radio iPlayer and Youtube, so I use plugins or browser settings which show a placeholder and only load the plugin when I click on the placeholder.

If something is only installed, and not run, it does not use resources other than disk space, and not usually much of that.

4serendipity




msg:4536042
 11:34 pm on Jan 14, 2013 (gmt 0)

Make all plugins click to run.


I take it one step further and only have the plugin installed on my secondary browser.

Dinkar




msg:4536111
 7:55 am on Jan 15, 2013 (gmt 0)

If something is only installed, and not run, it does not use resources other than disk space, and not usually much of that.

I wish it would be true. But windows doesn't work as per our wish. This topic is out of scope of this thread so better not to talk further. Sorry for off topic.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved