Welcome to WebmasterWorld Guest from 54.226.22.192

Forum Moderators: phranque

Message Too Old, No Replies

Java-Enabled Browsers Not Up-To-Date and Vulnerable To Java Exploits

     
5:20 pm on Mar 27, 2013 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22724
votes: 292


I know that many "in-the-know" disable Java. Those that don't know, clearly, are in the vast majority.

Most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits currently used in popular Web attack toolkits, according to statistics published by security vendor Websense.

The company recently used its threat intelligence network, which monitors billions of Web requests originating from “tens of millions” of endpoint computers protected by its products, to detect the Java versions that are installed on those systems and are available through their Web browsers. Java-Enabled Browsers Not Up-To-Date and Vulnerable To Java Exploits [pcworld.com]
The Java telemetry data gathered by Websense showed that only 5.5 percent of Java-enabled browsers have the most up-to-date versions of the software’s browser plug-in—Java 7 Update 17 (7u17) and Java 6 Update 43 (6u43)—installed. These two versions were released on March 4 in order to address a vulnerability that was already being exploited in active attacks at the time.
5:26 pm on Mar 27, 2013 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:6717
votes: 230


Most "not in the know" would incorrectly disable javascript instead of java..and Google's entire business would be in meltdown until G had paid for enough TV ads to get the masses to re-enable it..

Meanwhile the meeja ( including the BBC tech correspondents ) would claim that the innnertubes were broken..
5:30 pm on Mar 27, 2013 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22724
votes: 292


hehe, perhaps they would.

Either way, if those figures are correct, that's a huge imbalance.

I will check with my friends, but i'm pretty sure they won't have a clue about it.
6:56 pm on Mar 27, 2013 (gmt 0)

Preferred Member

10+ Year Member

joined:Feb 14, 2005
posts:475
votes: 0


Leosghost: a few niche "not in the know" may stop drinking it when they're online. You know, risk of shaky hands and all... ;)
9:49 pm on Mar 27, 2013 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14644
votes: 93


I have one gaming site I visit that is 100% Java and I have one browser with Java always enabled just for visiting those sites only and nothing more.

I also don't let anymore else use my computer under penalty of death or at least a big scolding so it's pretty safe ;) Even my wife gets the 'cat on the hot tin roof' treatment to do only what you must use that computer for and get off it as quickly as possible before you mess up my settings by accident.

She has her own computers, which I never use, so I don't get it... but that's another topic for another day in Foo.
1:47 am on Mar 28, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member jab_creations is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 26, 2004
posts:3148
votes: 12


Google's entire business would be in meltdown until G had paid for enough TV ads to get the masses to re-enable it..


<noscript>Dude, you're not seriously surfing the web like this?</noscript>


Some people would obviously get Java and JavaScript mixed up though only a small percentage would actually bother to go out of their way who are just brave enough, read just enough tech and then on top of that also forget how to turn it back on. They do exist though I don't think it would become an epidemic.

I always have Java disabled by default simply because I've hardly ever seen a site that requires it. Use alternative content to tell me to enable Java and if I think the site is worth it I'll temporarily turn it on.

It's a shame Sun fell to Oracle and this is but a taste of what is to come with other products especially MySQL. That is why I'll be migrating to PostgreSQL.

- John
7:54 pm on Mar 30, 2013 (gmt 0)

Full Member

10+ Year Member

joined:Jan 5, 2003
posts:202
votes: 0


but a taste of what is to come with other products especially MySQL


I certainly hope that MySQL doesn't go downhill. Thankfully MariaDB and the like are already around if this is the case.
11:37 pm on Mar 30, 2013 (gmt 0)

Preferred Member

10+ Year Member Top Contributors Of The Month

joined:May 27, 2005
posts:428
votes: 3


It seems that only Google infected browsers are complaining about Java. Yes, even Firefox is infected by Google developers, especially since version 4 and the fact that Google is now the main funder of Firefox.

Like Microsoft, Google thought that they could plagiarise Java and got a good rap over the knuckles. Ever since then Google has been paying out on Java.

Java has been the safest language to use for eons by design. It cannot be a threat and it has always been that way. But if Java can now be a threat to web browsers it will be by the design of those web browsers that are trying push boundaries and if it's Google doing the push it will be privacy at risk.

If you are a Java developer or only a Java user you will be suffering from these new limitations. For example, if you are a developer you now need to maintain a currently code-signed jar file for your clients to update their web resources. If you are a Java user you may be in big trouble because the Java app that you purchased over a year ago may not have been code-signed or the code-signing has expired, so kiss your investment good-bye.

That right, not only must your Java app be code-signed but it must be code-signed by a current certificate. Only idiots from hell would not realise that any app that is code-signed is code-signed for life. The app developer has been certified and authenticated and that app has been sealed with approval. It cannot be altered in any way without breaking the code signing, not now or in 10 years!

Need a second opinion? Notice how IE is not complaining about Java. The only browsers complaining about Java are the ones under the influence of Google.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members