FingerLakes1.com Forums
Topic Options
#1381924 - 01/11/13 10:22 AM Hackers Target Java
HondiF Offline
Member

Registered: 01/13/08
Posts: 87
Loc: 70 Miles from the middle of no...
This report is very frustrating to me. You send panic to people who know enough about computers to use one, but don't provide enough information for advanced user to translate for them. Can anybody find any further information on this supposed threat?

Flaws in the computer software Java can let hackers into your computer.

http://abcnews.go.com/Technology/video/techbytes-java-toilet-training-18188175 (OR google "TechBytes: Java, Toilet Training")

Top
FingerLakes1.com
#1382003 - 01/11/13 06:34 PM Re: Hackers Target Java [Re: HondiF]
Tabbytails Offline
Senior Member

Registered: 02/20/06
Posts: 1101
Loc: Here Abouts.
From http://www.inquisitr.com/478063/us-cert-warns-of-possible-java-hacking-exploit/


US Computer Emergency Readiness Team (US-CERT) said Thursday that internet users should consider disabling Java in their browsers due to an exploit that can allow remote attackers to hack a vulnerable system.

Security experts reported that cyber-criminals have been utilizing a zero-day vulnerability in Java to attack computer systems. Attackers stealthily install malware on the computers of users who visit compromised websites, according to Computer World. The US-CERT security alert states the agency is “unaware of a practical solution to this problem.”

US-CERT recommends that you disable Java in your browser to prevent the hackers from accessing your system. The weakness can allow an untrusted Java applet to escalate its privileges, ignoring security protocol. US-CERT said Oracle Java 7 update 10 and earlier are the most vulnerable.

US-CERT added:

“This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available.”

Info World says Bogdan Botezatu, a senior e-threat analyst at Bitdefender, stated in an email:

“We can confirm that this is a new vulnerability. We reproduced the exploitation mechanism on Java 1.7 Update 9 and Update 10. Other versions may be vulnerable as well, we’re currently analyzing whether other older updates are vulnerable.”

Two spokeswomen for Oracle, Java‘s distributer, weren’t available for comment.

US-CERT logo

Botezatu said:

“I think that Oracle will not issue an out-of-band patch again without thoroughly investigating the full extent of the damage and ensuring the quality of the patch. The last out-of-band patch for Java that was released in August actually opened the door for a similar exploitation technique on Java versions that were not vulnerable before the exploit. I believe this was an important lesson that might delay the release of a fix.”

In the end it should be established that if it can be built, it can be exploited.

Read more at http://www.inquisitr.com/478063/us-cert-warns-of-possible-java-hacking-exploit/#PiVA7eZXubsxPJgb.99

Top
#1382151 - 01/12/13 05:28 PM Re: Hackers Target Java [Re: Tabbytails]
Timbo Offline
Senior Member

Registered: 07/18/12
Posts: 9756
Loc: CNY

I disabled Java three years ago and haven't looked back since.
_________________________
Everyone's entitled to their own opinions, but not their own facts.

Top
#1382365 - 01/13/13 05:09 PM Re: Hackers Target Java [Re: Timbo]
DR. D Offline
Senior Member

Registered: 07/25/03
Posts: 6056
Loc: Waterloo/Seneca Falls/Junius/T...
They just patched it about an hour ago for those that still use it for their web games,

Reminder
If you have disabled Java in the Java Control Panel, you will need to manually re-enable it after installing this release. You can find the check box in the Security tab of the Java Control Panel. If you have previously disabled Java Plugin in the browser, you will need to manually re-enable it after installing this release. In Firefox, you can do this in the Add Ons -> Plugin screen. In Internet Explorer, this functionality is located in Tools -> Manage Add-ons.

In addition to patching the exploit, the following change has been made:

Default Security Level Setting Changed to High
• The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.


The 32 bit client can be downloaded here http://javadl.sun.com/webapps/download/AutoDL?BundleId=73141

The 64 bit client can be downloaded here http://javadl.sun.com/webapps/download/AutoDL?BundleId=73143

Top
#1382527 - 01/14/13 12:38 PM Re: Hackers Target Java [Re: DR. D]
HondiF Offline
Member

Registered: 01/13/08
Posts: 87
Loc: 70 Miles from the middle of no...
Thank you for your posts Tabbi, Timbo and Dr. D!

Top
#1382816 - 01/16/13 02:00 AM Re: Hackers Target Java [Re: HondiF]
Timbo Offline
Senior Member

Registered: 07/18/12
Posts: 9756
Loc: CNY

While the recent Java security updates are very good improvements for those that relay on it, be aware that many security analysts claim, that there still remain several security risks that have not yet been addressed. So, use with caution.
_________________________
Everyone's entitled to their own opinions, but not their own facts.

Top
#1384374 - 01/24/13 10:32 AM Re: Hackers Target Java [Re: Timbo]
MissingArty Offline
Member

Registered: 12/18/11
Posts: 403
Loc: Waterloo, NY
I have a Java update. Should I download it or use your link?
_________________________
Arty turns 4 this summer.

Top
#1384399 - 01/24/13 01:57 PM Re: Hackers Target Java [Re: MissingArty]
DR. D Offline
Senior Member

Registered: 07/25/03
Posts: 6056
Loc: Waterloo/Seneca Falls/Junius/T...
You can take the auto update, or if you know if yu have a 32 or 64 bit OS make that choice as well.

Top
#1384439 - 01/24/13 04:45 PM Re: Hackers Target Java [Re: DR. D]
MissingArty Offline
Member

Registered: 12/18/11
Posts: 403
Loc: Waterloo, NY
Ok, thank you, I'll just take the update.
_________________________
Arty turns 4 this summer.

Top