The Warring States of NPF  

Go Back   The Warring States of NPF > Social > Computers & Technology
User Name
Password
Mark Forums Read
FAQ Members List Calendar Search Today's Posts Join Chat

Reply
View First Unread View First Unread   Click to unhide all tags.Click to hide all tags.  
Thread Tools Display Modes
Unread 01-12-2013, 03:18 PM   #1
synkr0nized
synk-ism
 
synkr0nized's Avatar
 
Join Date: Nov 2003
Location: throughout the Wired
Posts: 6,854
synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law.
Send a message via ICQ to synkr0nized Send a message via AIM to synkr0nized Send a message via MSN to synkr0nized Send a message via Skype™ to synkr0nized
Default "Stop using Java in the browser", warns Homeland Security.

EDIT/Point to Note: This has nothing to do with Javascript!

A security flaw in Java that allows for execution of malicious code has prompted for disabling Java in any/all web browsers.

edit -- In case the articles may give the wrong impression, this doesn't mean simply running Java applets breaks your machine. While it's true that security-minded organizations and professionals haven't been happy with the idea of a run-time environment given all that freedom in a browser, typically the idea is that it is run in a sort of "sandbox" setting. Malicious code, however, is able to escalate the privileges allowed due to this weakness, potentially gaining root/admin access in the worst case. But that's kind of typical for malicious code that users download and run.

Java is cross-platform, mind you, so its flaw is susceptible regardless of your computers' operating systems.

Of course you can disable it easily in your browsers.
Especially with the latest version.


Note that this is not the end of Java, nor does it mean you should stop all interactions with Java. I rarely if ever do much on the web with Java applets, but I have worked with Tomcat and Java code on projects before. That kind of thing, of course, is fine -- it's not like writing a program or interface, etc. on your own development machine or in a company setting is going to somehow suddenly introduce malicious code. The vulnerability more or less originates where most of them do -- at the download, acceptance, and execution of malicious code by the user.

As always, don't open attachments/emails you don't recognize or trust, don't follow download links you cannot verify, don't run into "bad" websites, and only run applets, scripts, and the like on sites you feel are trustworthy.


All that said, Oracle is reported to be pushing a fix for this. It (Java updates for security) may become something to keep on top of more regularly, but Java is probably here to stay for a while. You may just not want to run it in your browsers anymore.


As I mentioned, I very rarely come across applets in pages that I frequent or have a need for them, so I have Java disabled in browsers on my machines.
__________________

Find love.

Last edited by synkr0nized; 01-12-2013 at 03:26 PM.
synkr0nized is offline Add to synkr0nized's Reputation   Reply With Quote
Unread 01-15-2013, 04:57 PM   #2
synkr0nized
synk-ism
 
synkr0nized's Avatar
 
Join Date: Nov 2003
Location: throughout the Wired
Posts: 6,854
synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law. synkr0nized isn't just above the law -- they are the law.
Send a message via ICQ to synkr0nized Send a message via AIM to synkr0nized Send a message via MSN to synkr0nized Send a message via Skype™ to synkr0nized
Default in case anyone is actually reading this thread

So far, Oracle has released a minor update that changes the default security setting from Medium to High.

In effect, this forces a user to manually click to allow/run an applet.

It doesn't really address the issue if a user still chooses to run an applet with malicious code. Arguably it's just adding an additional step between a user and getting owned by Java.

So I'd still recommend disabling it unless you are really keen on Java applets.
__________________

Find love.
synkr0nized is offline Add to synkr0nized's Reputation   Reply With Quote
Unread 01-15-2013, 05:46 PM   #3
rpgdemon
Not a Taco
 
rpgdemon's Avatar
 
Join Date: May 2005
Posts: 3,313
rpgdemon has apparently made an impact on one or two people over the years. rpgdemon has apparently made an impact on one or two people over the years. rpgdemon has apparently made an impact on one or two people over the years. rpgdemon has apparently made an impact on one or two people over the years. rpgdemon has apparently made an impact on one or two people over the years. rpgdemon has apparently made an impact on one or two people over the years. rpgdemon has apparently made an impact on one or two people over the years. rpgdemon has apparently made an impact on one or two people over the years. rpgdemon has apparently made an impact on one or two people over the years. rpgdemon has apparently made an impact on one or two people over the years. rpgdemon has apparently made an impact on one or two people over the years.
Default There is just little to say.

I'm reading it.
__________________
You know, I totally lied to all you guys for about five years. Something new was -not- coming soon to my signature. But, as I am a man of my word (Sorta), I did put something new here.

Quote:
Originally Posted by Bard The 5th LW View Post
RPG has total "I told you so" privileges.
Quote:
Originally Posted by Bard The 5th LW View Post
RPG still has total "I told you so" privileges.
rpgdemon is offline Add to rpgdemon's Reputation   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 01:34 AM.
The server time is now 06:34:26 AM.


Powered by: vBulletin Version 3.8.5
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.