Java: Red Alert

Skybird · 09-05-12, 06:55 AM

Once again.

As some of you may have noted, Java currently is in big troubles this year (was there ever a time when it wasn't?).

The recent update 7 for Java 7, just some days ago, was meant to close some of the security holes (not all) reported to Oracle by some Polish programmer in Spring this year. The problem, both the update to Java 7 and the update 7 for Java7 bring troubles of their own. The same guy has filed another report now, indicating that there alraedy is an exploit possible to simply switch off the Java-inbuilt sandbox, and breaking out that way. In other words Oracle has done a stinking brown mess of a job. Reports from IT-magazines say this exploit already is in use now and is spreading rapidly. First links of this exploiut with malware code have been detected - even for the update 07 which has been released just days ago. A test done by a German lab showed that only 9 of the tested 22 security software suits were able to identify and block it - which is what this Polish programmer has predicted, saying that antivirus and malware scanner will find it extremely difficult to find these new exploits.

There is currently only one reasonable option. As uncomfortable as it is: if you haven't already deactivated Java, do it now. For Windows-Explorer users this means that you have to uninstall it, AFAIK it cannot be just switched off. The Javascript entry that you find in the security settings of Explorer, is something totally different from Java, don'T assume you did deactivate Java when unticking that one.

You should be able to find articles on this easily via google, I had it all from German magazinse and blogs, so it is little use for most people to link to these. But the web is full of it, really. Check for something like zero-day exploit Java7 update 7, or limit search to timestamps not older than one day or one week.

Microsoft has never cared to carefully implement Java into Windows. That'S why Java is a total mess since so many years. It is a big drama that Java is so omnipresent nevertheless.

Surfing without Java will make a visible effect on your surfing experience - you have been advised. The risk-benefit-assessment is up to you. Just take into account that if you compromise your system, you also compromise the system of others with whom your system makes contact via the web.

09-05-12, 06:55 AM	#1
Skybird Soaring Join Date: Sep 2001 Location: the mental asylum named Germany Posts: 42,604 Downloads: 10 Uploads: 0	Java: Red Alert Once again. As some of you may have noted, Java currently is in big troubles this year (was there ever a time when it wasn't?). The recent update 7 for Java 7, just some days ago, was meant to close some of the security holes (not all) reported to Oracle by some Polish programmer in Spring this year. The problem, both the update to Java 7 and the update 7 for Java7 bring troubles of their own. The same guy has filed another report now, indicating that there alraedy is an exploit possible to simply switch off the Java-inbuilt sandbox, and breaking out that way. In other words Oracle has done a stinking brown mess of a job. Reports from IT-magazines say this exploit already is in use now and is spreading rapidly. First links of this exploiut with malware code have been detected - even for the update 07 which has been released just days ago. A test done by a German lab showed that only 9 of the tested 22 security software suits were able to identify and block it - which is what this Polish programmer has predicted, saying that antivirus and malware scanner will find it extremely difficult to find these new exploits. There is currently only one reasonable option. As uncomfortable as it is: if you haven't already deactivated Java, do it now. For Windows-Explorer users this means that you have to uninstall it, AFAIK it cannot be just switched off. The Javascript entry that you find in the security settings of Explorer, is something totally different from Java, don'T assume you did deactivate Java when unticking that one. You should be able to find articles on this easily via google, I had it all from German magazinse and blogs, so it is little use for most people to link to these. But the web is full of it, really. Check for something like zero-day exploit Java7 update 7, or limit search to timestamps not older than one day or one week. Microsoft has never cared to carefully implement Java into Windows. That'S why Java is a total mess since so many years. It is a big drama that Java is so omnipresent nevertheless. Surfing without Java will make a visible effect on your surfing experience - you have been advised. The risk-benefit-assessment is up to you. Just take into account that if you compromise your system, you also compromise the system of others with whom your system makes contact via the web. __________________ If you feel nuts, consult an expert.