Attackers Pounce On Zero-Day Java Exploit

[brucefidalgo]

http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit/

[ritchie58]

I was pretty sure I didn't but I did check my Firefox browser and I don't have the Java plugin installed. I think my roomy's old XP machine has the Java plugin though. That's something I'm definitely going to look into. Thanks for the heads up on this new Java exploit Bruce.

[brucefidalgo]

I was pretty sure I didn't but I did check my Firefox browser and I don't have the Java plugin installed. I think my roomy's old XP machine has the Java plugin though. That's something I'm definitely going to look into. Thanks for the heads up on this new Java exploit Bruce.

i turned off javaScript in chrome but could not get into my gmail so i turned it back on again. i sandboxed Java in comodo def+ but don't know if this will protect me..Javascript is not Java so does not need to be turned off..

[ritchie58]

If it's sandboxed then no permanent changes to your system should take place as long as it remains that way. Do you still have access to your email client with Java sandboxed? I was also wondering how well the NoScript add-on would protect you against this type of exploit? NoScript gives you pretty much total control over which applets you choose to let load including Java scripts on a site by site basis. So I think that would give you some protection.

[brucefidalgo]

http://www.zdnet.com/oracle-issues-major-java-security-fix-recommends-immediate-action-7000003517/ Oracle issues major Java security fix; recommends immediate action

[ritchie58]

Wow! Oracle usually doesn't release updates other than their own planed release schedule so you know this is not the norm. It's good they're addressing this issue sooner than later in this instance in my opinion.

[brucefidalgo]

Wow! Oracle usually doesn't release updates other than their own planed release schedule so you know this is not the norm. It's good they're addressing this issue sooner than later in this is instance in my opinion.

After i saw this i installed java again and sandboxed it with def+ during install just to play around with it. A few hours later i uninstalled it aqain because i don't think i need it and if i play in a snake pit a might get bitten..lol

[ritchie58]

You know there's not a lot of sites that require the Java plugin to be installed to function properly actually. One site that does require it that I know of is the NOAA Weather radar site to load the animated weather data.

[ritchie58]

Even though Oracle issued a security update for Java 7 runtime it has been found to still contain vulnerabilities. Click here for more details. So I guess it's back to the drawing board for Oracle.

[brucefidalgo]

Even though Oracle issued a security update for Java 7 runtime it has been found to still contain vulnerabilities. Click here for more details. So I guess it's back to the drawing board for Oracle.

i thought this would happen that more security holes would be found. it looks like it will always be this way with java.

[brucefidalgo]

http://nakedsecurity.sophos.com/2012/09/03/java-security-hole-microsoft/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security ...Online scammers are using a recent email from Microsoft as bait in a widespread spam campaign that exploits vulnerabilities in Oracle’s Java software to install malicious programs on vulnerable systems.

[ritchie58]

This situation is going from bad to worse! It didn't take very long at all for someone to find a way to exploit the latest vulnerabilities in Java 7.