This is a serious vulnerability. Hackers use software tools that contain exploits. This exploit is supposed to have been incorporated into at least a few of these hacking tools.
CERT is one of the US organizations that handles security vulnerabilities. When CERT talks, the information is very reliable.
This vulnerability is for Java applets, not Java applications, thus the attack is through a web page that gets you to run an applet. I run some Java applications. These applications are NOT run in a browser and they are not vulnerable UNLESS the program included a web browser. Some Java applications DO include web browsers so the user has to be aware. I don't think many Java applications contain their own web browser. The vulnerability is also only on Java 7. What is a wee bit disturbing to me is,
Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability.
I don't use Office and I don't think I use Windows Desktop Search.
These vulnerabilities are scored on a scale of 1 to 10 with 10 being highest aka most severe. This vulnerability is a 10. To fix this problem, Oracle will have to release an updated Java.
Vulnerability Note VU#625617 - Java 7 fails to restrict access to privileged code
Overview
Java 7 Update 10 and earlier Java 7 versions contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
...
Impact
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system. Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability.
Solution
We are currently unaware of a practical solution to this problem. Please consider the following workarounds:
Disable Java in web browsers
...
This vulnerability is only for Java 7. At this point, previous versions of Java would have been tested for the vulnerability, and since they are not being mentioned, they should be ok.
https://www.us-cert.gov/cas/techalerts/TA13-010A.html
Systems Affected
Any system using Oracle Java 7 (1.7, 1.7.0) including
Java Platform Standard Edition 7 (Java SE 7)
Java SE Development Kit (JDK 7)
Java SE Runtime Environment (JRE 7)
All versions of Java 7 through update 10 are affected. Web browsers using the Java 7 plug-in are at high risk.
To see if Java is installed on your system, go to,
Verify Java Version
The only thing you need to do is disable the Java execution in your web browser IF your system has Java 7 installed. Well, it would be safer to just disable your browser from using Java.
This link tells how to secure a web browser and includes disabling Java.
https://www.us-cert.gov/reading_room/securing_browser/#Safari. It is kinda long, and a quick google for "disable java in browser" will likely turn up short instructions.
I have read multiple news reports and every one of them had inaccurate information.
Later,
Dan
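To make the "IF your system has Java 7 installed" check concrete, here is an added example (not part of Dan's post or the CERT note) that parses the version string `java -version` prints and flags it against the range the alert gives, Java 7 (1.7.0) through Update 10. The live check assumes a `java` binary is on PATH; the sample strings are constructed.

```python
import re
import subprocess
from typing import Optional, Tuple

# Affected range as stated in the CERT alert quoted above: Java 7, updates 0 through 10.
AFFECTED_MAJOR = 7
LAST_AFFECTED_UPDATE = 10

# Matches the legacy "1.<major>.<minor>[_<update>]" form used by Java 7-era releases.
# Newer "9.0.1"-style strings deliberately do not match and are reported as not affected.
VERSION_RE = re.compile(r'version "1\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(output: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) from `java -version` output, e.g. '1.7.0_10' -> (7, 10).

    A string with no '_update' suffix (plain '1.7.0') is treated as update 0.
    Returns None when no legacy-format version string is present.
    """
    m = VERSION_RE.search(output)
    if not m:
        return None
    major = int(m.group(1))
    update = int(m.group(3)) if m.group(3) else 0
    return major, update


def is_affected(output: str) -> bool:
    """True when the output describes a Java 7 build at or below Update 10."""
    parsed = parse_java_version(output)
    if parsed is None:
        return False  # nothing parseable, so nothing to flag from this check
    major, update = parsed
    return major == AFFECTED_MAJOR and update <= LAST_AFFECTED_UPDATE


def check_local_java() -> Optional[bool]:
    """Run `java -version` (it prints to stderr) and classify it; None if java is absent."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return is_affected(proc.stderr + proc.stdout)


if __name__ == "__main__":
    # Constructed sample outputs in the format Java 7-era JREs printed.
    for sample in ('java version "1.7.0_10"', 'java version "1.7.0_11"', 'java version "1.6.0_38"'):
        print(f"{sample!r:32} affected={is_affected(sample)}")
    print("local java affected:", check_local_java())
```

A `False` here only means this particular JRE is outside the stated range; the browser plug-in can point at a different installation, so disabling Java in the browser remains the safe step the post recommends.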