Disable Java? think about it.

Search
Go

Discussion Topic

Return to Forum List
Post a Reply
Messages 41 - 47 of total 47 in this topic << First  |  < Previous  |  Show All  |  Next >  |  Last >>
The user formerly known as stzzo

climber
Sneaking up behind you
Jan 14, 2013 - 04:56pm PT
Ah, I read more carefully -- the ZDNet article separates social engineering exploits from the java exploits and doesn't say that it's only a problem when you click on a link that someone sends you.
zBrown

Ice climber
chingadero de chula vista
Topic Author's Reply - Feb 5, 2013 - 09:13am PT
Java Stumbles Again

Not long after the Department of Homeland Security was advising users to disable Java, another flaw has been discovered in Oracle's programming language.

Last week a bug was found that undermined Java's "maximum security setting." That setting, which Oracle activated by default in the last hasty update of the software, requires a user to give their OK to run unsigned Java applets. Because of the flaw, unsigned Java apps can run on a Windows system regardless of the Java security settings.

Instead of fixing security issues found in the previous version of Java, the most recent release of the program merely sidesteps them, said Bogdan Botezatu, a senior e-threat analyst with cyber security software maker Bitdefender.

"They just tried to prevent the user from triggering the issue," Botezatu told TechNewsWorld.

Leaving the resolution of security issues to the user is not a good idea. "One of the worse things a developer can do is let the user make security decisions," he said. If a pop-up message appears when a user is in the middle of doing something they want done, they'll click OK regardless of what the message says.
Ken M

Mountain climber
Los Angeles, Ca
Feb 5, 2013 - 11:22am PT
following up on concerns raised by computer security experts.

So it's NOT the gov't, it is the community of private computer security experts.

The gov't is passing the word along.
zBrown

Ice climber
chingadero de chula vista
Topic Author's Reply - Feb 5, 2013 - 11:43am PT
The link is here


Taxonomy of Conflicts in Network Security Policiesby H Hamed - 2006 -
Cited by 34 - Related articles Policy conflicts may cause serious security
breaches and network .... security policies. Figure 3 shows the
organization of our taxonomy of these conflicts. ...
ieeexplore.ieee.org/iel5/35/33764/01607877.pdf

http://ieee.org/searchresults/index.html?cx=006539740418318249752%3Af2h38l7gvis&cof=FORID%3A11&qp=&ie=UTF-8&oe=UTF-8&q=Taxonomy+of+network+security+breaches&siteurl=ieee.org%2Findex.html#1005




froodish

Social climber
Portland, Oregon
Feb 7, 2013 - 08:09pm PT
Your regularly scheduled Flash exploit for Feb:

http://arstechnica.com/security/2013/02/adobe-issues-emergency-flash-update-for-attacks-on-windows-mac-users/

Affects Windows and Mac. It's out there in the wild.

Adobe has released security updates for Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.261 and earlier versions for Linux, Adobe Flash Player 11.1.115.36 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2013-0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows.

Adobe advisory here:

https://www.adobe.com/support/security/bulletins/apsb13-04.html
froodish

Social climber
Portland, Oregon
Mar 1, 2013 - 01:03pm PT
And yet another zero day Java exploit is in the wild.

Hackers are exploiting a previously unknown and currently unpatched vulnerability in the latest version of Java to surreptitiously infect targets with malware, security researchers said Thursday night.

The critical vulnerability is being exploited to install a remote-access trojan dubbed McRat, researchers from security firm FireEye warned. The attacks work against Java versions 1.6 Update 41 and 1.7 Update 15, which are the latest available releases of the widely used software. The attack is triggered when people with a vulnerable version of the Java browser plugin visit a website that has been booby-trapped with attack code. FireEye researchers Darien Kindlund and Yichong Lin said the exploit is being used against "multiple customers" and that they have "observed successful exploitation."

Disable Java in your browser if you haven't already.
zBrown

Ice climber
Brujo de La Playa
Topic Author's Reply - Jan 21, 2014 - 10:05am PT
No action here for some time. Disabling Java does cause certain applications to complain, e.g. Youtube.


What is anyone thinking on this currently?

Messages 41 - 47 of total 47 in this topic << First  |  < Previous  |  Show All  |  Next >  |  Last >>
Return to Forum List
Post a Reply
 
Our Guidebooks
Check 'em out!
SuperTopo Guidebooks


Try a free sample topo!

 
SuperTopo on the Web

Review Categories
Recent Route Beta
Recent Gear Reviews