Java Software Security Alert- Advised to Disable Java

This too shall pass.
Post Reply
User avatar
monster_gardener
Posts: 5334
Joined: Fri Dec 23, 2011 12:36 am
Location: Trolla. Land of upside down trees and tomatos........

Java Software Security Alert- Advised to Disable Java

Post by monster_gardener »

Thank you VERY Much for maintaining the Forum, Typhoon & YMix


Just heard a warning to disable JAVA software on web browsers.........

http://www.chicagotribune.com/news/sns- ... 0182.story
(Reuters) - The U.S. Department of Homeland Security urged computer users to disable Oracle Corp's Java software, amplifying security experts' prior warnings to hundreds of millions of consumers and businesses that use it to surf the Web.

Hackers have figured out how to exploit Java to install malicious software enabling them to commit crimes ranging from identity theft to making an infected computer part of an ad-hoc network of computers that can be used to attack websites.

"We are currently unaware of a practical solution to this problem," the Department of Homeland Security's Computer Emergency Readiness Team said in a posting on its website late on Thursday.

"This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered," the agency said. "To defend against this and future Java vulnerabilities, disable Java in Web browsers."

Oracle declined on Friday to comment on the warning.
For the love of G_d, consider you & I may be mistaken.
Orion Must Rise: Killer Space Rocks Coming Our way
The Best Laid Plans of Men, Monkeys & Pigs Oft Go Awry
Woe to those who long for the Day of the Lord, for It is Darkness, Not Light
User avatar
Typhoon
Posts: 27267
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Java Software Security Alert- Advised to Disable Java

Post by Typhoon »

Thanks for posting the notice.

I disabled the Java plugin in Chrome when I saw this news.

Then I wondered why I have Java installed on my systems.

Uninstalled Java. So far it's not been missed.
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
User avatar
monster_gardener
Posts: 5334
Joined: Fri Dec 23, 2011 12:36 am
Location: Trolla. Land of upside down trees and tomatos........

Re: Java Software Security Alert- Advised to Disable Java

Post by monster_gardener »

Typhoon wrote:Thanks for posting the notice.

I disabled the Java plugin in Chrome when I saw this news.

Then I wondered why I have Java installed on my systems.

Uninstalled Java. So far it's not been missed.
Thank you VERY MUCH for your Reply and Kind Words, Typhoon.

I am Very Happy & Pleased to have been of assistance.

I have disabled Java on FireFox........

Have not needed it yet..........
For the love of G_d, consider you & I may be mistaken.
Orion Must Rise: Killer Space Rocks Coming Our way
The Best Laid Plans of Men, Monkeys & Pigs Oft Go Awry
Woe to those who long for the Day of the Lord, for It is Darkness, Not Light
Hoosiernorm
Posts: 2206
Joined: Fri Dec 16, 2011 7:59 pm

Re: Java Software Security Alert- Advised to Disable Java

Post by Hoosiernorm »

Disabled it and found out that youtube doesn't work without it and facebook won't load video or the games that my wife plays. Not sure what I did incorrectly or if this is just what I have to give away to keep safe. I'm small potatoes, I'm going to keep it until I can figure out if there is a work around.
Been busy doing stuff
User avatar
monster_gardener
Posts: 5334
Joined: Fri Dec 23, 2011 12:36 am
Location: Trolla. Land of upside down trees and tomatos........

You Tube Works for me in FireFox with Java Disabled........

Post by monster_gardener »

Hoosiernorm wrote:Disabled it and found out that youtube doesn't work without it and facebook won't load video or the games that my wife plays. Not sure what I did incorrectly or if this is just what I have to give away to keep safe. I'm small potatoes, I'm going to keep it until I can figure out if there is a work around.
Thank You Very Much for your post, HoosierNorm.

You Tube and Meta Cafe both work for me with Java disabled in FireFox.......

Double checked just a moment ago: Java Disabled and You Tube works
For the love of G_d, consider you & I may be mistaken.
Orion Must Rise: Killer Space Rocks Coming Our way
The Best Laid Plans of Men, Monkeys & Pigs Oft Go Awry
Woe to those who long for the Day of the Lord, for It is Darkness, Not Light
Hoosiernorm
Posts: 2206
Joined: Fri Dec 16, 2011 7:59 pm

Re: Java Software Security Alert- Advised to Disable Java

Post by Hoosiernorm »

https://addons.mozilla.org/en-US/firefox/blocked/p182

Went back through my add on's for firefox and it's already disabled. I went to the settings and simply turned it off which gave me the result of youtube and other streaming video not working correctly.
Been busy doing stuff
User avatar
Enki
Posts: 5052
Joined: Thu Dec 22, 2011 6:04 pm

Re: Java Software Security Alert- Advised to Disable Java

Post by Enki »

I uninstalled it from windows and as yet nothing has had a problem.
Men often oppose a thing merely because they have had no agency in planning it, or because it may have been planned by those whom they dislike.
-Alexander Hamilton
User avatar
Azrael
Posts: 1863
Joined: Thu Dec 22, 2011 8:57 pm

Re: Java Software Security Alert- Advised to Disable Java

Post by Azrael »

I just uninstalled it.
cultivate a white rose
User avatar
monster_gardener
Posts: 5334
Joined: Fri Dec 23, 2011 12:36 am
Location: Trolla. Land of upside down trees and tomatos........

Java Fixed but Experts say still best not to use unless need

Post by monster_gardener »

Thank you again for maintaining the Forum, Typhoon & Ymix.

Hot off the press......

Java Fixed but Experts say still best not to use unless needed

http://www.npr.org/blogs/thetwo-way/201 ... sabling-it

Days after the Department of Homeland Security said computer users should remove the latest versions of its Java software, Oracle Corp. says it has fixed the flaw, in a new update released Monday. As we reported Friday, hacking groups included the Java 7 vulnerability in new "exploit kits" this year.

Oracle provides instructions for updating to Java 7, update 11 on its website, saying the update raises the default security level for Java applets from Medium to High — which means that "the user is always warned before any unsigned application is run to prevent silent exploitation," the company says in its release notes.

But the experts who highlighted the Java 7 flaw say that even though it's fixed, users should beware, as other security problems could arise in the software.

"Unless it is absolutely necessary to run Java in web browsers, disable it... even after updating," recommends Carnegie Mellon University's CERT computer security site
Instructions and more at link..........
For the love of G_d, consider you & I may be mistaken.
Orion Must Rise: Killer Space Rocks Coming Our way
The Best Laid Plans of Men, Monkeys & Pigs Oft Go Awry
Woe to those who long for the Day of the Lord, for It is Darkness, Not Light
noddy
Posts: 11326
Joined: Tue Dec 13, 2011 3:09 pm

Re: Java Software Security Alert- Advised to Disable Java

Post by noddy »

i have just finished installing java and am using it for the first time in a very long time learning android delveopment
ultracrepidarian
User avatar
Typhoon
Posts: 27267
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Java Software Security Alert- Advised to Disable Java

Post by Typhoon »

noddy wrote:i have just finished installing java and am using it for the first time in a very long time learning android delveopment
Have you considered https://trigger.io/ ?
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
noddy
Posts: 11326
Joined: Tue Dec 13, 2011 3:09 pm

Re: Java Software Security Alert- Advised to Disable Java

Post by noddy »

Typhoon wrote:
noddy wrote:i have just finished installing java and am using it for the first time in a very long time learning android delveopment
Have you considered https://trigger.io/ ?
its javascript from the looks of it so it wont cut it for the project im meant to be taking on.

its an ebook type rendering widget so im not even that confident java will be fast enough but am investigating it before deciding if i need to go to c++ instead.
ultracrepidarian
User avatar
Typhoon
Posts: 27267
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Java Software Security Alert- Advised to Disable Java

Post by Typhoon »

noddy wrote:
Typhoon wrote:
noddy wrote:i have just finished installing java and am using it for the first time in a very long time learning android delveopment
Have you considered https://trigger.io/ ?
its javascript from the looks of it so it wont cut it for the project im meant to be taking on.
It runs native code under the interface.
noddy wrote:its an ebook type rendering widget so im not even that confident java will be fast enough but am investigating it before deciding if i need to go to c++ instead.
Real men code in C++.
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
noddy
Posts: 11326
Joined: Tue Dec 13, 2011 3:09 pm

Re: Java Software Security Alert- Advised to Disable Java

Post by noddy »

Typhoon wrote:
noddy wrote:
Typhoon wrote:
noddy wrote:i have just finished installing java and am using it for the first time in a very long time learning android delveopment
Have you considered https://trigger.io/ ?
its javascript from the looks of it so it wont cut it for the project im meant to be taking on.
It runs native code under the interface.
aaah, then its just back to me hating javascript then :)

the only scripting languages i like are python and ruby, the rest are a tad odious with implicit behaviours and poor object models.
Typhoon wrote:
noddy wrote:its an ebook type rendering widget so im not even that confident java will be fast enough but am investigating it before deciding if i need to go to c++ instead.
Real men code in C++.
real men do their own struct casting object models in C like the original C++ and then roll their own optimised datastructures per use case and do likewise with memory management.

actually, real men right their own macro templates for ASM like the original C.
ultracrepidarian
User avatar
Typhoon
Posts: 27267
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Java Software Security Alert- Advised to Disable Java

Post by Typhoon »

noddy wrote:
Typhoon wrote:
noddy wrote:
Typhoon wrote:
noddy wrote:i have just finished installing java and am using it for the first time in a very long time learning android delveopment
Have you considered https://trigger.io/ ?
its javascript from the looks of it so it wont cut it for the project im meant to be taking on.
It runs native code under the interface.
aaah, then its just back to me hating javascript then :)

the only scripting languages i like are python and ruby, the rest are a tad odious with implicit behaviours and poor object models.
Typhoon wrote:
noddy wrote:its an ebook type rendering widget so im not even that confident java will be fast enough but am investigating it before deciding if i need to go to c++ instead.
Real men code in C++.
real men do their own struct casting object models in C like the original C++ and then roll their own optimised datastructures per use case and do likewise with memory management.

actually, real men right their own macro templates for ASM like the original C.
Real men code it all in assembler.
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
User avatar
Enki
Posts: 5052
Joined: Thu Dec 22, 2011 6:04 pm

Re: Java Software Security Alert- Advised to Disable Java

Post by Enki »

http://tiggzi.com/home

This seems like a pretty cool CMS for coding Android apps. We've been looking into that one.
Men often oppose a thing merely because they have had no agency in planning it, or because it may have been planned by those whom they dislike.
-Alexander Hamilton
noddy
Posts: 11326
Joined: Tue Dec 13, 2011 3:09 pm

Re: Java Software Security Alert- Advised to Disable Java

Post by noddy »

i actually havent spent that much time with c++ because it was quite ugly for cross platform re usability back in the day and i liked/needed all my code working on the various flavours of *nix and windows so im much better with vanilla C and tend to use that in these situations.

then c# came along and was a much better java than java and great for non critical code, which is most of it for me nowdays as stable extendable code is far more important to most of my work than minor variations in execution time.
ultracrepidarian
noddy
Posts: 11326
Joined: Tue Dec 13, 2011 3:09 pm

Re: Java Software Security Alert- Advised to Disable Java

Post by noddy »

Enki wrote:http://tiggzi.com/home

This seems like a pretty cool CMS for coding Android apps. We've been looking into that one.
another javascript system .. useful for quick to market web apps for people from a html background but thats not my thang.

i did have a look at http://xamarin.com/monotouch because its in a language i like but it appears only to be useful for shared libs rather than proper native interfaces so i decided against it.
ultracrepidarian
User avatar
Typhoon
Posts: 27267
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Java Software Security Alert- Advised to Disable Java

Post by Typhoon »

noddy wrote:i actually havent spent that much time with c++ because it was quite ugly for cross platform re usability back in the day and i liked/needed all my code working on the various flavours of *nix and windows so im much better with vanilla C and tend to use that in these situations.
Makes sense.
noddy wrote:then c# came along and was a much better java than java and great for non critical code, which is most of it for me nowdays as stable extendable code is far more important to most of my work than minor variations in execution time.
Maintainable code is key.
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
noddy
Posts: 11326
Joined: Tue Dec 13, 2011 3:09 pm

Re: Java Software Security Alert- Advised to Disable Java

Post by noddy »

Typhoon wrote: Maintainable code is key.
absolutely when your trying to make profit out of minimum hours of coding for maximum customer payment :)
Typhoon wrote: We use C# and C++ [for the execution time critical bits]. The CLI/C++ interface is reasonable. Intel Threaded Building Blocks and SSE and Nvidia CUDA were executing in parallel is necessary.
neat - my need over the last decade has been much simpler - mostly just doing fast binary parsers for custom hardware protocols.. various sensors and trackers and whatnot.

i will hopefully be dabbling more in this again now im investigating this graphics based project, previous to this all my work in that area was purely hacking in my hobby time playing with procedural graphics (perlin,worley,et all) and image processing for my photography.

as for parallel - in my c days i used to avoid threads as much as possible doing async chunks .. a kind of manual threading :P but im getting right into those patterns now im doing distributed models and large scaling systems.
ultracrepidarian
Hoosiernorm
Posts: 2206
Joined: Fri Dec 16, 2011 7:59 pm

Re: Java Fixed but Experts say still best not to use unless

Post by Hoosiernorm »

monster_gardener wrote:Thank you again for maintaining the Forum, Typhoon & Ymix.

Hot off the press......

Java Fixed but Experts say still best not to use unless needed

http://www.npr.org/blogs/thetwo-way/201 ... sabling-it

Days after the Department of Homeland Security said computer users should remove the latest versions of its Java software, Oracle Corp. says it has fixed the flaw, in a new update released Monday. As we reported Friday, hacking groups included the Java 7 vulnerability in new "exploit kits" this year.

Oracle provides instructions for updating to Java 7, update 11 on its website, saying the update raises the default security level for Java applets from Medium to High — which means that "the user is always warned before any unsigned application is run to prevent silent exploitation," the company says in its release notes.

But the experts who highlighted the Java 7 flaw say that even though it's fixed, users should beware, as other security problems could arise in the software.

"Unless it is absolutely necessary to run Java in web browsers, disable it... even after updating," recommends Carnegie Mellon University's CERT computer security site
Instructions and more at link..........
OK got it to work this time, no other problems.

Thanks for the link

Have no idea what I did the first time.
Been busy doing stuff
User avatar
monster_gardener
Posts: 5334
Joined: Fri Dec 23, 2011 12:36 am
Location: Trolla. Land of upside down trees and tomatos........

Re: Java Fixed but Experts say still best not to use unless

Post by monster_gardener »

Hoosiernorm wrote:
monster_gardener wrote:Thank you again for maintaining the Forum, Typhoon & Ymix.

Hot off the press......

Java Fixed but Experts say still best not to use unless needed

http://www.npr.org/blogs/thetwo-way/201 ... sabling-it

Days after the Department of Homeland Security said computer users should remove the latest versions of its Java software, Oracle Corp. says it has fixed the flaw, in a new update released Monday. As we reported Friday, hacking groups included the Java 7 vulnerability in new "exploit kits" this year.

Oracle provides instructions for updating to Java 7, update 11 on its website, saying the update raises the default security level for Java applets from Medium to High — which means that "the user is always warned before any unsigned application is run to prevent silent exploitation," the company says in its release notes.

But the experts who highlighted the Java 7 flaw say that even though it's fixed, users should beware, as other security problems could arise in the software.

"Unless it is absolutely necessary to run Java in web browsers, disable it... even after updating," recommends Carnegie Mellon University's CERT computer security site
Instructions and more at link..........
OK got it to work this time, no other problems.

Thanks for the link

Have no idea what I did the first time.
Thank you VERY Much for your reply and the Kind Words, HoosierNorm

Glad I was able to be of assistance.

Thanks for the Thanks

Your Friend
MG
For the love of G_d, consider you & I may be mistaken.
Orion Must Rise: Killer Space Rocks Coming Our way
The Best Laid Plans of Men, Monkeys & Pigs Oft Go Awry
Woe to those who long for the Day of the Lord, for It is Darkness, Not Light
User avatar
Azrael
Posts: 1863
Joined: Thu Dec 22, 2011 8:57 pm

Re: Java Software Security Alert- Advised to Disable Java

Post by Azrael »

I would suggest that anyone with a Windows PC who has ever, or may have used or installed Java to get Microsoft Security Essentials and run a full scan, which may take all night, or more. I've run quick scans and didn't pick anything up. I recently ran a full scan and picked up Java exploits (Java/CVE-210) and a trojan downloader (Java/OpenStream.BA).

Also, make sure to use a firewall. A firewall comes with Windows 7, so if that's all you have, you ought to activate it.
cultivate a white rose
User avatar
monster_gardener
Posts: 5334
Joined: Fri Dec 23, 2011 12:36 am
Location: Trolla. Land of upside down trees and tomatos........

MSE Full Scan good idea..........

Post by monster_gardener »

Azrael wrote:I would suggest that anyone with a Windows PC who has ever, or may have used or installed Java to get Microsoft Security Essentials and run a full scan, which may take all night, or more. I've run quick scans and didn't pick anything up. I recently ran a full scan and picked up Java exploits (Java/CVE-210) and a trojan downloader (Java/OpenStream.BA).

Also, make sure to use a firewall. A firewall comes with Windows 7, so if that's all you have, you ought to activate it.
Thank You VERY MUCH for the suggestion, Azrael.....

Found some malware.........

Similar to what you found.......

Thanks again.....
For the love of G_d, consider you & I may be mistaken.
Orion Must Rise: Killer Space Rocks Coming Our way
The Best Laid Plans of Men, Monkeys & Pigs Oft Go Awry
Woe to those who long for the Day of the Lord, for It is Darkness, Not Light
Post Reply