Disable Java NOW, users told, as 0-day exploit hits web (reg headline)

Started by Gary, Aug 28, 2012, 16:16:53

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Gary

A new browser-based exploit for a Java vulnerability that allows attackers to execute arbitrary code on client systems has been spotted in the wild – and because of Oracle's Java patch schedule, it may be some time before a fix becomes widely available.

The vulnerability is present in the Java Runtime Environment (JRE) version 1.7 or later, Atif Mushtaq of security firm FireEye reported on Sunday, while PCs with Java versions 1.6 or earlier installed are not at risk.

The vulnerability allows attackers to use a custom web page to force systems to download and run an arbitrary payload – for example, a keylogger or some other type of malware. The payload does not need to be a Java app itself.


http://www.theregister.co.uk/2012/08/27/disable_java_to_block_exploit/
Damned, if you do damned if you don't

Technical Ben

Disable browser plugins, or a full uninstall of Java? (Not much will work if it's uninstalled. :P )
I use to have a signature, then it all changed to chip and pin.

Gary

I don't have it installed, seems Java is worse than Flash these days  :( I imagine most people will still have Java 1.6 anyway.
Damned, if you do damned if you don't

Baz

strange you should say that Gary, my AV picked up something with java last week after a java update    :o :o


with out sound ing daft   how do you disable it and what will stop working when its disabled.

I have version 7   is it that one?

Steve

You disable from with in the browser settings/preferences. You may wish to keep a separate browser with java enabled just for the times you need it ie a diagnostic BT Speedtest.
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Baz

dont think I would be able to manage with it disabled on some sites.Just tried it and one site I need for work is not even showing drop down menus for log off options, and some content of diary/info type listings

Steve

That's why I suggested using two browsers, one for sites that need java and the other browser for general Internet use.
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.


Technical Ben

Is Sandboxie now Win7 compatible? Was only XP last time I checked (really useful program too, especially for not breaking too much :P ).
I use to have a signature, then it all changed to chip and pin.


sobranie

Quote from: Technical Ben on Aug 28, 2012, 20:26:23
Is Sandboxie now Win7 compatible? Was only XP last time I checked (really useful program too, especially for not breaking too much :P ).
Seems to work OK on Win7 64bit (just d/l it).

JB

How can I tell which version I have? This is a screen grab from my Firefox add-on manager:-
JB

'Keyboard not detected ~ Press F1 to continue'

Steve

I found a site last night which if java was enabled gave the version. I thought that useful as you can also reassure yourself that you've disabled it. 

http://javatester.org/version.html
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

JB

JB

'Keyboard not detected ~ Press F1 to continue'

Baz

Quote from: JB on Aug 29, 2012, 08:54:39
How can I tell which version I have? This is a screen grab from my Firefox add-on manager:-


Im on XP and can tell by      control panel > double click Java icon > in the general tab click About       the version is there


Im not sure but the addons in Firefox are just that,  add ons,   and have to be disabled from the add on manager...I think. Correct me if i'm wrong please.


then if you go to the  ' Java '   tab  then the ' View ' button it will show ch you have installed and if they are enabled.

I have   1.7  and 1.6   installed, both were ticked so I just unticked 1.7 for now and left 1.6 enabled.

Steve

Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

I did nothing about this, and the world hasn't ended.  I sometimes wonder if The Register is getting a little knee jerk and alarmist.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

.Griff.

Quote from: Simon on Aug 31, 2012, 11:14:46
I did nothing about this, and the world hasn't ended.  I sometimes wonder if The Register is getting a little knee jerk and alarmist.

Same here. I sometimes think people like to find something to worry about.


Steve

It was widely reported on the Internet, however I would think the risk for the majority of home users was neglible. Those of us who are less fastidious with java updates seemed also to be unaffected.
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

armadillo

In Firefox, I use the Prefbar addon. This has a little dropdown menu that allows you to toggle java, flash and many other nuisances features.

I browse with java and flash turned off unless I am on some site where I feel the need to enable either of them.

Baz

Quote from: armadillo on Aug 31, 2012, 23:19:36
In Firefox, I use the Prefbar addon. This has a little dropdown menu that allows you to toggle java, flash and many other nuisances features.

I browse with java and flash turned off unless I am on some site where I feel the need to enable either of them.

but how do you tell if you need it on or off.if its a new site you wont know how its supposed to look, will you  :dunno:

like I said earlier I have a work related site that I need and only noticed it displaying differently because I visit it regularly and noticed things not working.

What does Java actually do.

jezuk1

Version 7 update 7 has been released. Notes: "This releases address security concerns.  Oracle strongly recommends that all Java SE 7 users upgrade to this release."

Edit: Steve has already posted this  :D

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.