Java Security Vulnerability and Chat Jan 13, 2013

Please register or login

Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.

Benefits of registering include

  • Ability to post and comment on topics and discussions.
  • A Free photo gallery to share your dive photos with the world.
  • You can make this box go away

Joining is quick and easy. Log in or Register now!

HowardE

HowardE

Diver
Staff member
ScubaBoard Supporter
Messages
19,206
Reaction score
1,449
Location
Boca Raton, Florida
# of dives
2500 - 4999
Some people may have seen a notice about a Java security vulnerability in their favorite browser (or maybe not)... Anyway.. Here's an article about it from Oracle (Java developers) website.

https://blogs.oracle.com/security/entry/security_alert_for_cve_2013

It is recommended you update your java to the latest version (Version 7 Update 11) here -> Download Free Java Software

Additionally, it's possible that firefox browser may automatically disable java for you. After this update, it's ok to re-enable it.

For more reading on the Version 7 Update 10 security vulnerability, you can read this http://blogs.computerworld.com/cybe...oracle-patches-java-7-security-flaw-update-11
 
Last edited:
HowardE:
Some people may have seen a notice about a Java security vulnerability in their favorite browser (or maybe not)... Anyway.. Here's an article about it from Oracle (Java developers) website.

https://blogs.oracle.com/security/entry/security_alert_for_cve_2013

It is recommended you update your java to the latest version (Version 7 Update 11) here -> Download Free Java Software

Additionally, it's possible that firefox browser may automatically disable java for you. After this update, it's ok to re-enable it.

For more reading on the Version 7 Update 10 security vulnerability, you can read this Oracle patches Java 7 security flaw with Update 11 | Computerworld Blogs
Click to expand...

My recommendations for friends and family:

1. Remove Java altogether unless a specific, important application* requires it. (Find a replacement for that application if at all possible.) Windows: How do I uninstall Java on my Windows computer? (java.com) Mac: How do I uninstall Java 7 for my Mac? (java.com)

2. If there is a specific need for Java for an application, disable Java support in ALL browsers. Java zero-day exploit: Don't patch, just disable Java in your browser (slate.com). Note: You don't have to remove JavaScript support.

3. If a critical website requires Java in the browser, dedicate one browser with Java support enabled only for that website; use an alternate browser for all other internet surfing, etc. (Find a replacement for that website if at all possible.)

* In many cases, this "critical" application turns out to be Minecraft. Go figure.
 
Let's face it. The only way for your PC to be %100 safe is to disconnect it from the world: no internet! The chances that you will be affected by any particular virus/attack are slim, but they are present. If you run Windows, please run updates on a regular (daily) basis and be sure to install AV software. Even though the chances are slim that any particular attack will find you, chances are excellent that you will be hit by one of the myriads of attacks out there. Back up critical files often, especially pictures and be prepared to re-install your OS at some time. If you are running a Linux or Mac OS, you're not immune, but the chances are reduced considerably.
 
I read somewhere than an analysis of comprimised bot machines showed that something like 50% of them were compromised through Java, 29% through Acrobat Reader, and the rest were other various exploits. That says a lot about Oracles 3 monthly patch routine!
 
OzGriffo:
I read somewhere than an analysis of comprimised bot machines showed that something like 50% of them were compromised through Java, 29% through Acrobat Reader, and the rest were other various exploits. That says a lot about Oracles 3 monthly patch routine!
Click to expand...

Yeah right , was it written on Microsoft.com :D
 
OzGriffo:
I read somewhere than an analysis of comprimised bot machines showed that something like 50% of them were compromised through Java, 29% through Acrobat Reader, and the rest were other various exploits. That says a lot about Oracles 3 monthly patch routine!
Click to expand...
Shortly after you posted that, I open an Adobe document I'd previously review and my Avast came alive! I ran a boot scan that night and it found an infection in my Adobe reader. Looks like 6 of the last 7 problems it's found were Adobe or Java.

Java is still being accused of problems. Oracle Latest Java Update Comes With Security Holes, Researchers Say

And there seems to be malware pretending to be a Java fix: Watch Out! Malware Posing as Java Update

I am doing fine without it. :wink:
 
You must log in or register to reply here.

Similar threads

thez_yo
Chat doesn't work
2 3
Replies
24
Views
881
NAM001
N
Ken Kurtis
TWARS (This Week at Reef Seekers) - December 16-23
Replies
2
Views
628
Sam Miller III
Sam Miller III
Ken Kurtis
TWARS (This Week at Reef Seekers) - December 21-28
Replies
1
Views
419
drbill
drbill
Sea Save Foundation
Week in Review 14/11/2015
Replies
0
Views
524
Sea Save Foundation
Sea Save Foundation
Westwinds
FS: Complete Trimix Evolution (tons of extras - VR3,analyzer, sofnolime,argon, parts)
Replies
0
Views
3,238
Westwinds
Westwinds
https://www.shearwater.com/products/peregrine/

Back
Top Bottom