Discussion Topic |
|
This thread has been locked |
| Messages 1 - 35 of total 35 in this topic |
nature
climber
Boulder, CO
|
|
|
Jan 11, 2013 - 10:23pm PT
|
didn't they also tell us to stalk up on duct tape and water for y2k?
edit: i typed 'stalk'... leaving it!
|
|
zBrown
Ice climber
chingadero de chula vista
|
|
|
Topic Author's Reply - Jan 11, 2013 - 10:27pm PT
|
the present generation under the age 25 is holy and wise
|
|
mechrist
Gym climber
South of Heaven
|
|
|
Jan 12, 2013 - 01:57am PT
|
THEY CAN HAVE MY COFFEE WHEN THEY PRY IT FROM MY COLD DEAD HANDS!
|
|
mouse from merced
Trad climber
The finger of fate, my friends, is fickle.
|
|
|
Jan 12, 2013 - 02:24am PT
|
Brazil nuts, commonly referred to as nigger toes, walked out of talks today with Djakarta's top coffee experts and exporters in a protest against renaming the popular beverage.
Many coffee drinkers call their cup of joe "Java." There is a movement afoot to get as many people as possible to call the drink not "Java" but "Brazil," since it is a staple of the Brazilian economy, even moreso than that of Indonesia, or Malaysia, or whatever they call the place.
Brazil nuts have often sided with non-coffee interests in the past, and they are referred to in the coffee trade as Joe Toes or Ho Joes, thought to be a double entendre aimed at the popular chain restaurant, Howard Johnson's, which serves Brazilians as well as Indonesians. It's law.
My brain is sore now. Can I go to bed? I don't want to have to explain that again.
|
|
froodish
Social climber
Portland, Oregon
|
|
|
Jan 12, 2013 - 03:08pm PT
|
Almost all of the recent bad browser exploits have used either Flash, Java or PDF. Disabling all those in your browser is prudent IMO.
|
|
TwistedCrank
climber
Dingleberry Gulch, Ideeho
|
|
|
Jan 12, 2013 - 03:56pm PT
|
Let's hope this sounds the death knell for Oracle. That would be funny as all get out.
OK Wishful thinking, but whatever.
|
|
Wade Icey
Trad climber
www.alohashirtrescue.com
|
|
|
Jan 12, 2013 - 04:19pm PT
|
I dont drink coffee, so, no.
|
|
zBrown
Ice climber
chingadero de chula vista
|
|
|
Topic Author's Reply - Jan 12, 2013 - 04:47pm PT
|
^Yeah I don't think Oracle will die soon
Oracle continues to be steady in terms of selling new database and middleware licenses and cloud-service subscriptions, which rose 5 percent over 2011. Conversely, Oracle is still struggling in its hardware division, which makes servers, storage, switches, and other items. Total hardware revenue dipped 19 percent from a year ago.
http://www.eweek.com/c/a/Database/Oracle-Profits-Up-But-Revenues-Slip-128028/
|
|
Reilly
Mountain climber
The Other Monrovia- CA
|
|
|
Jan 12, 2013 - 05:00pm PT
|
Let me get this straight, the person who checks my bung hole at the airport
is also telling me what's gud for my 'puter? Damn! The guvmint is really
getting cost effective!
|
|
jstan
climber
|
|
|
Jan 12, 2013 - 05:13pm PT
|
My browser is too old to allow me to access the government link above. I would disable Java if I
could find the application allowing it. I have started to encounter more Java script icons on my
desktop and the computer's performance has gotten more and more unreliable. It could be caused
by changes in software generation being used out there, or it could be a symptom of something else.
|
|
froodish
Social climber
Portland, Oregon
|
|
|
Jan 12, 2013 - 09:44pm PT
|
John,
Java != JavaScript
Despite the similar names they are not related. Java in the browser is implemented as a plugin and I doubt you'll miss it if you disable it.
|
|
ec
climber
ca
|
|
|
Jan 13, 2013 - 12:24am PT
|
Say, "NO!" to Decaf!!
|
|
froodish
Social climber
Portland, Oregon
|
|
|
Jan 13, 2013 - 01:04am PT
|
This kind of sh1t is highlarious.
Disable ur computer! Only way you're gonna be "safe".
Well, I for one in computing (and climbing) usually pay attention to the odds. Given that almost all the recent browser exploits have been due to shoddy programming in the Flash, Java and PDF browser plugins (and there's one about every month), I choose to disable those. Not sure why that's "highlarious", seems like the smart thing to do IMO.
|
|
TwistedCrank
climber
Dingleberry Gulch, Ideeho
|
|
|
Jan 13, 2013 - 10:35am PT
|
Java programmers make big bucks. Especially if its bolted to Oracle.
Somebody's making out, and its not the consumer.
I was at Hidden Valley and Larry Ellison was there, and he got all bitchy when I urinated on his campfire. I told him to take a chill pill.
|
|
Reilly
Mountain climber
The Other Monrovia- CA
|
|
|
Jan 14, 2013 - 11:06am PT
|
I would like some straight up honest advice from a non-paranoid. Is there
really anything to this? I have to have Java on my machine so the wife can
access her work system from home, otherwise she never comes home. I thought
I saw on WindowsBBS that Oracle had fixed it.
|
|
Crimpergirl
Sport climber
Boulder, Colorado!
|
|
|
Jan 14, 2013 - 11:33am PT
|
Agreed Reilly. I have a homework software that comes with a stats text that my students use (I clearly have to get into it). It seems it's java based.
Thoughts for the person who doesn't speak computer language? What to do?
|
|
squishy
Mountain climber
|
|
|
Jan 14, 2013 - 12:23pm PT
|
Let's hope this sounds the death knell for Oracle.
Why would we hope for that?
Besides Oracle's business is hardly java, it's many things. We gave them 25 mil this year to upgrade all our hardware and software, it's some pretty nifty stuff..
|
|
kunlun_shan
Mountain climber
SF, CA
|
|
|
Jan 14, 2013 - 12:40pm PT
|
Interesting article, khanom. Thanks!
Reilly, I don't know how technically saavy you are, or how much trouble/work you are willing to do, but Virtualbox could be a good fix. Its free and fairly easy to implement. I've found this guide straightforward, and it walks you through enough that by the end, you'd have a good understanding of this flavor of VM: http://www.packtpub.com/virtualbox-3-1-beginners-guide/book . On the machine you use now, setup one VM with what your wife needs, and another for browsing the web.
Plus its very cool and fun to be able to run the equivalent of multiple computers, each with whatever OS you want, at the same time on a single machine. Unless you have a very old, slow computer you might only need some extra RAM.
|
|
zBrown
Ice climber
chingadero de chula vista
|
|
|
Topic Author's Reply - Jan 14, 2013 - 01:53pm PT
|
which could result in the installation of malware, identity theft or used to rope personal computers in to becoming unauthorized botnets -- which can then be used in denial-of-service attacks against other sites.
You would think that some (all) of the security vendors should be able to update their software to detect whether a machine has been compromised, even if they can't prevent it.
EDIT:
After doing some poking around on this, it appears that this task is more difficult than you might suspect.
Here's an interesting article on using one free tool, Sysinternals Process Explorer, to detect and clean a system.
http://www.windowsecurity.com/articles/Hunt-Down-Kill-Malware-Sysinternals-Tools-Part1.html
quote from another artucle
The problem is that if you have no idea what you are looking for, it's almost impossible to find it. Suppose a process has made itself hidden to the task manager by hooking EnumProcesses. You might think this would be an easy case to detect. However, the process could be hooking EnumProcesses through a variety of different ways. For example, an unconditional hook at the start of the function, an IAT hook, causing an access violation to occur at EnumProcessesand catching that with a VEH and modifying the EIP/RIP, etc. etc. Even in this simple case, it is not possible to guarantee detection of the hook. This is all assuming that the hook has been performed at usermode on a specific API and also that the code makes no attempt to hide itself from detection.
If you are looking for general guidelines, the best method is probably to look at common detouring techniques.
|
|
Reilly
Mountain climber
The Other Monrovia- CA
|
|
|
Jan 14, 2013 - 01:58pm PT
|
Khanom, good article but I still need to use Java if I ever want to see me wife.
|
|
froodish
Social climber
Portland, Oregon
|
|
|
Jan 14, 2013 - 02:44pm PT
|
Reilly,
Do you need the Java browser plugin, or just need the Java environment installed? (ie: does you wife initiate the action through the browser, or does she launch a Java executable?)
The main danger is from "drive by" attacks (unknowingly visiting a website that is distributing the malware - and contrary to the advice in one of the linked articles earlier, there are sometimes "legit" sites that have been compromised and are distributing things like this so just staying away from pr0n sites doesn't ensure safety)
If you don't need the browser plugin, disable it (Chrome, Firefox and Safari let you easily disable the plugin). If you do need it, only enable the plugin only when you need it and disable it for all other browsing.
|
|
Reilly
Mountain climber
The Other Monrovia- CA
|
|
|
Jan 14, 2013 - 03:05pm PT
|
It's a complicated logon process but I think it starts with the browser*.
But then it seems like there's a Java app in the next step. I guess she
should just call one of her IT guys from home so I can translate. Not that
I'm so hot but, well, between you and me and these four walls, let's just
say she doesn't get by on her 'puter expertise. ;-)
*I don't pay much attention - don't wanna get brought up on HIPA charges!
|
|
zBrown
Ice climber
chingadero de chula vista
|
|
|
Topic Author's Reply - Feb 5, 2013 - 09:13am PT
|
Java Stumbles Again
Not long after the Department of Homeland Security was advising users to disable Java, another flaw has been discovered in Oracle's programming language.
Last week a bug was found that undermined Java's "maximum security setting." That setting, which Oracle activated by default in the last hasty update of the software, requires a user to give their OK to run unsigned Java applets. Because of the flaw, unsigned Java apps can run on a Windows system regardless of the Java security settings.
Instead of fixing security issues found in the previous version of Java, the most recent release of the program merely sidesteps them, said Bogdan Botezatu, a senior e-threat analyst with cyber security software maker Bitdefender.
"They just tried to prevent the user from triggering the issue," Botezatu told TechNewsWorld.
Leaving the resolution of security issues to the user is not a good idea. "One of the worse things a developer can do is let the user make security decisions," he said. If a pop-up message appears when a user is in the middle of doing something they want done, they'll click OK regardless of what the message says.
|
|
Ken M
Mountain climber
Los Angeles, Ca
|
|
following up on concerns raised by computer security experts.
So it's NOT the gov't, it is the community of private computer security experts.
The gov't is passing the word along.
|
|
froodish
Social climber
Portland, Oregon
|
|
Your regularly scheduled Flash exploit for Feb:
http://arstechnica.com/security/2013/02/adobe-issues-emergency-flash-update-for-attacks-on-windows-mac-users/
Affects Windows and Mac. It's out there in the wild.
Adobe has released security updates for Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.261 and earlier versions for Linux, Adobe Flash Player 11.1.115.36 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2013-0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows.
Adobe advisory here:
https://www.adobe.com/support/security/bulletins/apsb13-04.html
|
|
froodish
Social climber
Portland, Oregon
|
|
And yet another zero day Java exploit is in the wild.
Hackers are exploiting a previously unknown and currently unpatched vulnerability in the latest version of Java to surreptitiously infect targets with malware, security researchers said Thursday night.
The critical vulnerability is being exploited to install a remote-access trojan dubbed McRat, researchers from security firm FireEye warned. The attacks work against Java versions 1.6 Update 41 and 1.7 Update 15, which are the latest available releases of the widely used software. The attack is triggered when people with a vulnerable version of the Java browser plugin visit a website that has been booby-trapped with attack code. FireEye researchers Darien Kindlund and Yichong Lin said the exploit is being used against "multiple customers" and that they have "observed successful exploitation."
Disable Java in your browser if you haven't already.
|
|
zBrown
Ice climber
Brujo de La Playa
|
|
|
Topic Author's Reply - Jan 21, 2014 - 10:05am PT
|
No action here for some time. Disabling Java does cause certain applications to complain, e.g. Youtube.
What is anyone thinking on this currently?
|
|
| Messages 1 - 35 of total 35 in this topic |
|
SuperTopo on the Web
|
Let us know!