homepage Welcome to WebmasterWorld Guest from 54.234.141.47
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Java-Enabled Browsers Not Up-To-Date and Vulnerable To Java Exploits
engine

WebmasterWorld Administrator engine us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



 
Msg#: 4558932 posted 5:20 pm on Mar 27, 2013 (gmt 0)

I know that many "in-the-know" disable Java. Those that don't know, clearly, are in the vast majority.

Most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits currently used in popular Web attack toolkits, according to statistics published by security vendor Websense.

The company recently used its threat intelligence network, which monitors billions of Web requests originating from “tens of millions” of endpoint computers protected by its products, to detect the Java versions that are installed on those systems and are available through their Web browsers. Java-Enabled Browsers Not Up-To-Date and Vulnerable To Java Exploits [pcworld.com]
The Java telemetry data gathered by Websense showed that only 5.5 percent of Java-enabled browsers have the most up-to-date versions of the software’s browser plug-in—Java 7 Update 17 (7u17) and Java 6 Update 43 (6u43)—installed. These two versions were released on March 4 in order to address a vulnerability that was already being exploited in active attacks at the time.

 

Leosghost

WebmasterWorld Senior Member leosghost us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4558932 posted 5:26 pm on Mar 27, 2013 (gmt 0)

Most "not in the know" would incorrectly disable javascript instead of java..and Google's entire business would be in meltdown until G had paid for enough TV ads to get the masses to re-enable it..

Meanwhile the meeja ( including the BBC tech correspondents ) would claim that the innnertubes were broken..

engine

WebmasterWorld Administrator engine us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



 
Msg#: 4558932 posted 5:30 pm on Mar 27, 2013 (gmt 0)

hehe, perhaps they would.

Either way, if those figures are correct, that's a huge imbalance.

I will check with my friends, but i'm pretty sure they won't have a clue about it.

albo

5+ Year Member



 
Msg#: 4558932 posted 6:56 pm on Mar 27, 2013 (gmt 0)

Leosghost: a few niche "not in the know" may stop drinking it when they're online. You know, risk of shaky hands and all... ;)

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4558932 posted 9:49 pm on Mar 27, 2013 (gmt 0)

I have one gaming site I visit that is 100% Java and I have one browser with Java always enabled just for visiting those sites only and nothing more.

I also don't let anymore else use my computer under penalty of death or at least a big scolding so it's pretty safe ;) Even my wife gets the 'cat on the hot tin roof' treatment to do only what you must use that computer for and get off it as quickly as possible before you mess up my settings by accident.

She has her own computers, which I never use, so I don't get it... but that's another topic for another day in Foo.

JAB Creations

WebmasterWorld Senior Member jab_creations us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4558932 posted 1:47 am on Mar 28, 2013 (gmt 0)

Google's entire business would be in meltdown until G had paid for enough TV ads to get the masses to re-enable it..


<noscript>Dude, you're not seriously surfing the web like this?</noscript>


Some people would obviously get Java and JavaScript mixed up though only a small percentage would actually bother to go out of their way who are just brave enough, read just enough tech and then on top of that also forget how to turn it back on. They do exist though I don't think it would become an epidemic.

I always have Java disabled by default simply because I've hardly ever seen a site that requires it. Use alternative content to tell me to enable Java and if I think the site is worth it I'll temporarily turn it on.

It's a shame Sun fell to Oracle and this is but a taste of what is to come with other products especially MySQL. That is why I'll be migrating to PostgreSQL.

- John

4serendipity

10+ Year Member



 
Msg#: 4558932 posted 7:54 pm on Mar 30, 2013 (gmt 0)

but a taste of what is to come with other products especially MySQL


I certainly hope that MySQL doesn't go downhill. Thankfully MariaDB and the like are already around if this is the case.

Kendo

5+ Year Member



 
Msg#: 4558932 posted 11:37 pm on Mar 30, 2013 (gmt 0)

It seems that only Google infected browsers are complaining about Java. Yes, even Firefox is infected by Google developers, especially since version 4 and the fact that Google is now the main funder of Firefox.

Like Microsoft, Google thought that they could plagiarise Java and got a good rap over the knuckles. Ever since then Google has been paying out on Java.

Java has been the safest language to use for eons by design. It cannot be a threat and it has always been that way. But if Java can now be a threat to web browsers it will be by the design of those web browsers that are trying push boundaries and if it's Google doing the push it will be privacy at risk.

If you are a Java developer or only a Java user you will be suffering from these new limitations. For example, if you are a developer you now need to maintain a currently code-signed jar file for your clients to update their web resources. If you are a Java user you may be in big trouble because the Java app that you purchased over a year ago may not have been code-signed or the code-signing has expired, so kiss your investment good-bye.

That right, not only must your Java app be code-signed but it must be code-signed by a current certificate. Only idiots from hell would not realise that any app that is code-signed is code-signed for life. The app developer has been certified and authenticated and that app has been sealed with approval. It cannot be altered in any way without breaking the code signing, not now or in 10 years!

Need a second opinion? Notice how IE is not complaining about Java. The only browsers complaining about Java are the ones under the influence of Google.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved