 |
 |
 |
 |
#1381924 - 01/11/13 10:22 AM
Hackers Target Java
|
HondiF
Member
Registered: 01/13/08
Posts: 87
Loc: 70 Miles from the middle of no...
|
This report is very frustrating to me. You send panic to people who know enough about computers to use one, but don't provide enough information for advanced user to translate for them. Can anybody find any further information on this supposed threat?
Flaws in the computer software Java can let hackers into your computer.
http://abcnews.go.com/Technology/video/techbytes-java-toilet-training-18188175 (OR google "TechBytes: Java, Toilet Training")
|
|
Top
|
|
|
|
|
 |
 |
 |
 |
|
|
|
|
#1382003 - 01/11/13 06:34 PM
Re: Hackers Target Java
[Re: HondiF]
|
Tabbytails
Senior Member
Registered: 02/20/06
Posts: 1047
Loc: Here Abouts.
|
From http://www.inquisitr.com/478063/us-cert-warns-of-possible-java-hacking-exploit/
US Computer Emergency Readiness Team (US-CERT) said Thursday that internet users should consider disabling Java in their browsers due to an exploit that can allow remote attackers to hack a vulnerable system.
Security experts reported that cyber-criminals have been utilizing a zero-day vulnerability in Java to attack computer systems. Attackers stealthily install malware on the computers of users who visit compromised websites, according to Computer World. The US-CERT security alert states the agency is “unaware of a practical solution to this problem.”
US-CERT recommends that you disable Java in your browser to prevent the hackers from accessing your system. The weakness can allow an untrusted Java applet to escalate its privileges, ignoring security protocol. US-CERT said Oracle Java 7 update 10 and earlier are the most vulnerable.
US-CERT added:
“This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available.”
Info World says Bogdan Botezatu, a senior e-threat analyst at Bitdefender, stated in an email:
“We can confirm that this is a new vulnerability. We reproduced the exploitation mechanism on Java 1.7 Update 9 and Update 10. Other versions may be vulnerable as well, we’re currently analyzing whether other older updates are vulnerable.”
Two spokeswomen for Oracle, Java‘s distributer, weren’t available for comment.
US-CERT logo
Botezatu said:
“I think that Oracle will not issue an out-of-band patch again without thoroughly investigating the full extent of the damage and ensuring the quality of the patch. The last out-of-band patch for Java that was released in August actually opened the door for a similar exploitation technique on Java versions that were not vulnerable before the exploit. I believe this was an important lesson that might delay the release of a fix.”
In the end it should be established that if it can be built, it can be exploited.
Read more at http://www.inquisitr.com/478063/us-cert-warns-of-possible-java-hacking-exploit/#PiVA7eZXubsxPJgb.99
|
|
Top
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#1382365 - 01/13/13 05:09 PM
Re: Hackers Target Java
[Re: Timbo]
|
DR. D
Senior Member
Registered: 07/25/03
Posts: 5737
Loc: Waterloo/Seneca Falls/Junius/T...
|
They just patched it about an hour ago for those that still use it for their web games,
Reminder
If you have disabled Java in the Java Control Panel, you will need to manually re-enable it after installing this release. You can find the check box in the Security tab of the Java Control Panel. If you have previously disabled Java Plugin in the browser, you will need to manually re-enable it after installing this release. In Firefox, you can do this in the Add Ons -> Plugin screen. In Internet Explorer, this functionality is located in Tools -> Manage Add-ons.
In addition to patching the exploit, the following change has been made:
Default Security Level Setting Changed to High
• The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.
The 32 bit client can be downloaded here http://javadl.sun.com/webapps/download/AutoDL?BundleId=73141
The 64 bit client can be downloaded here http://javadl.sun.com/webapps/download/AutoDL?BundleId=73143
|
|
Top
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#1382527 - 01/14/13 12:38 PM
Re: Hackers Target Java
[Re: DR. D]
|
HondiF
Member
Registered: 01/13/08
Posts: 87
Loc: 70 Miles from the middle of no...
|
Thank you for your posts Tabbi, Timbo and Dr. D!
|
|
Top
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#1384399 - 01/24/13 01:57 PM
Re: Hackers Target Java
[Re: MissingArty]
|
DR. D
Senior Member
Registered: 07/25/03
Posts: 5737
Loc: Waterloo/Seneca Falls/Junius/T...
|
You can take the auto update, or if you know if yu have a 32 or 64 bit OS make that choice as well.
|
|
Top
|
|
|
|
|
|
|
|
|
Moderator: FL1 Staff, FL1 Mod, FL1 Tek Deluxe, FL1 Mod 2, FL1 Office, FL1 Mod 3
|
|
