brucefidalgo Posted August 28, 2012 Report Share Posted August 28, 2012 http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit/ Link to comment Share on other sites More sharing options...
ritchie58 Posted August 28, 2012 Report Share Posted August 28, 2012 I was pretty sure I didn't but I did check my Firefox browser and I don't have the Java plugin installed. I think my roomy's old XP machine has the Java plugin though. That's something I'm definitely going to look into. Thanks for the heads up on this new Java exploit Bruce. Link to comment Share on other sites More sharing options...
brucefidalgo Posted August 28, 2012 Author Report Share Posted August 28, 2012 I was pretty sure I didn't but I did check my Firefox browser and I don't have the Java plugin installed. I think my roomy's old XP machine has the Java plugin though. That's something I'm definitely going to look into. Thanks for the heads up on this new Java exploit Bruce. i turned off javaScript in chrome but could not get into my gmail so i turned it back on again. i sandboxed Java in comodo def+ but don't know if this will protect me..Javascript is not Java so does not need to be turned off.. Link to comment Share on other sites More sharing options...
ritchie58 Posted August 28, 2012 Report Share Posted August 28, 2012 If it's sandboxed then no permanent changes to your system should take place as long as it remains that way. Do you still have access to your email client with Java sandboxed? I was also wondering how well the NoScript add-on would protect you against this type of exploit? NoScript gives you pretty much total control over which applets you choose to let load including Java scripts on a site by site basis. So I think that would give you some protection. Link to comment Share on other sites More sharing options...
brucefidalgo Posted August 30, 2012 Author Report Share Posted August 30, 2012 http://www.zdnet.com/oracle-issues-major-java-security-fix-recommends-immediate-action-7000003517/ Oracle issues major Java security fix; recommends immediate action Link to comment Share on other sites More sharing options...
ritchie58 Posted August 31, 2012 Report Share Posted August 31, 2012 Wow! Oracle usually doesn't release updates other than their own planed release schedule so you know this is not the norm. It's good they're addressing this issue sooner than later in this instance in my opinion. Link to comment Share on other sites More sharing options...
brucefidalgo Posted August 31, 2012 Author Report Share Posted August 31, 2012 Wow! Oracle usually doesn't release updates other than their own planed release schedule so you know this is not the norm. It's good they're addressing this issue sooner than later in this is instance in my opinion. After i saw this i installed java again and sandboxed it with def+ during install just to play around with it. A few hours later i uninstalled it aqain because i don't think i need it and if i play in a snake pit a might get bitten..lol Link to comment Share on other sites More sharing options...
ritchie58 Posted August 31, 2012 Report Share Posted August 31, 2012 You know there's not a lot of sites that require the Java plugin to be installed to function properly actually. One site that does require it that I know of is the NOAA Weather radar site to load the animated weather data. Link to comment Share on other sites More sharing options...
ritchie58 Posted September 3, 2012 Report Share Posted September 3, 2012 Even though Oracle issued a security update for Java 7 runtime it has been found to still contain vulnerabilities. Click here for more details. So I guess it's back to the drawing board for Oracle. Link to comment Share on other sites More sharing options...
brucefidalgo Posted September 3, 2012 Author Report Share Posted September 3, 2012 Even though Oracle issued a security update for Java 7 runtime it has been found to still contain vulnerabilities. Click here for more details. So I guess it's back to the drawing board for Oracle. i thought this would happen that more security holes would be found. it looks like it will always be this way with java. Link to comment Share on other sites More sharing options...
brucefidalgo Posted September 4, 2012 Author Report Share Posted September 4, 2012 http://nakedsecurity.sophos.com/2012/09/03/java-security-hole-microsoft/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security ...Online scammers are using a recent email from Microsoft as bait in a widespread spam campaign that exploits vulnerabilities in Oracle’s Java software to install malicious programs on vulnerable systems. Link to comment Share on other sites More sharing options...
ritchie58 Posted September 4, 2012 Report Share Posted September 4, 2012 This situation is going from bad to worse! It didn't take very long at all for someone to find a way to exploit the latest vulnerabilities in Java 7. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.