"U.S. warns on Java software as security concerns escalate"

69 posts / 0 new

Jim Finkle of the Reuters news service writes about the warnings from the US Department of Homeland Security on the security exposures in Oracle JAVA. The department urges users to disable JAVA to prevent hackers from stealing the users identity or taking over the computer. JAVA should stay disabled until Oracle provides a fix. Procedures for disabling JAVA are included below the Reuters article.

1/11/13 - from the link below:

Java is so widely used that the software has become a prime target for hackers. Last year Oracle's Java surpassed Adobe Systems Inc's Reader software as the most frequently attacked piece of software, according to security software maker Kaspersky Lab.

Java was responsible for 50 percent of all cyber attacks last year in which hackers broke into computers by exploiting software bugs, according Kaspersky. That was followed by Adobe Reader, which was involved in 28 percent of all incidents. Microsoft Windows and Internet Explorer were involved in about 3 percent of incidents, according to the survey.

The Department of Homeland Security said attackers could trick targets into visiting malicious websites that would infect their PCs with software capable of exploiting the bug in Java.

It said an attacker could also infect a legitimate website by uploading malicious software that would infect machines of computer users who trust that site because they have previously visited it without experiencing any problems.

U.S. warns on Java software as security concerns escalate

1/10/13 -

this item contains instructions for disabling JAVA in different browsers:

Protect against latest Java zero-day vulnerability right now: Mal/JavaJar-B

1/12/13 -

How to turn off Java on your browser - and why you should do it now

Disable Java? Here's how, after US agency warns of software 'vulnerability.'

Oracle Corp to fix Java security flaw 'shortly'

Oracle's Java Is a Smelly Fish Tank

miksilvr
Joined:
Jul. 7, 2011 11:13 am

Comments

I've never like Larry Ellison and never like Oracle buying Java. I have to use Java for development. The chat room plugin also won't work with the openJDK version of Java which runs on many Linux systems. Maybe time to change the chart room plugin?

The Internet will be the battleground for years to come for cyberwarfare. And the authoritarians will try to take away many of the rights we enjoy on the Internet. And there will be much "gnashing and gnawing of teeth."

captbebops's picture
captbebops
Joined:
Jul. 31, 2007 3:01 pm

1/12/13 -

this link lists the java version unless it is disabled:

Java Tester - What Version of Java Are You Running?

It's time to rewrite Java from scratch, security expert says

My Saturday Java Scare

Java software warning: Links to the government alert and solutions

New malware exploiting Java 7 in Windows, Unix systems

miksilvr
Joined:
Jul. 7, 2011 11:13 am

Rewriting Java from scratch is ludicrous as well as unnecessary and disruptive. As mentioned in the HuffPo article Oracle didn't maintain Java as well as Sun did. Larry Ellison seems "me, me" capitalist while Scott McNealy believed very much in free software and open source. And I'm sure that more tech giants than Ellison would love to disrupt Google's open source hold on the growing mobile market. I would be wary of an agenda there.

McNealy also thought that the open source movement could be applied to more than just software and I think that too. But that's very threatening the capitalist world still stuck in the 18th century.

captbebops's picture
captbebops
Joined:
Jul. 31, 2007 3:01 pm

1/12/13 -

Oracle says Java flaw will be fixed 'shortly'

Oracle’s Java vulnerability left open since October 2012 ‘fix’, now being used to push ransomware

***

How do I disable Java in my web browser?

***

for updates on the JAVA security problem:

search for java on google

@Oracle on twitter : https://twitter.com/Oracle

#java hastag on twitter : https://twitter.com/search?q=%23java

Oracle on facebook : https://www.facebook.com/Oracle

miksilvr
Joined:
Jul. 7, 2011 11:13 am

1/12/13 -

more articles like those above, with comments that might be useful for some users of different hardware and software platforms:

US-CERT warns users to disable Java in web browsers, Apple and Mozilla move to block it

US Department of Homeland Security advises disabling Java following fresh zero-day vulnerability

How to Disable Java

Why The Java Bug Is A Big Deal

miksilvr
Joined:
Jul. 7, 2011 11:13 am

1/13/13 -

Oracle is working on an update to address a flaw in its Java software.

The company says it will release a patch that will fix 86 vulnerabilities in Java 7 on Tuesday.

Oracle says Java update coming Tuesday

---------------------------------------------------------------------

10/18/12 -

This earlier item spells out some of the changes in how Apple has been handling JAVA in the Mac environment over the last year.

Apple tries to kill its own Java on most Macs

miksilvr
Joined:
Jul. 7, 2011 11:13 am

1/13/13 - {"shortly" or "Tuesday"?}

Java security fix coming 'shortly'; Up to 850m machines at risk

Oracle: Java Fix 'Available Shortly'

miksilvr
Joined:
Jul. 7, 2011 11:13 am

I think they'll use this as an excuse to put us all on "the cloud." Which is something I'm not interested in.

captbebops's picture
captbebops
Joined:
Jul. 31, 2007 3:01 pm

1/13/13 -

Is it Tuesday already ? not quite, but anyhow ...

Oracle releases software update to fix Java vulnerability

***

Oracle updates Java, security expert says it still has bugs

Forget Oracle's Latest Java Patch. Just Kill The Program In Your Browser For Good

miksilvr
Joined:
Jul. 7, 2011 11:13 am

1/13/13 -

Serious Flaw in Java Software Is Found, Then Patched

***

Oracle ships Java 7 Update 11 with vulnerability fixes, increased security level for Java applets

miksilvr
Joined:
Jul. 7, 2011 11:13 am

1/14/13 -

JAVA 7 upd 11 installed with no problems, and chat functions as usual.

Some of the articles point at vulnerabilities in the JAVA developers tool kit, or JDK ... if you do not need the JDK, you may be better off deleting it than leaving it on you system. Run backups and create a control point to be safe, then uninstall the JDK.

I found the JDK install date was two months back from the last JAVA update install. I uninstalled it when I took out Java 7 upd 9, which was the JAVA on this system.

Keep checking the links in reply #5 above (or other places tracking this) for updates ... some of the articles written after Oracle's announcement indicated the writers felt there are still bugs that need to be fixed {but not installing JAVA 7 UPD 11 leaves your system open to hackers}.

miksilvr
Joined:
Jul. 7, 2011 11:13 am

1/14/13 -

More input today on this episode, something to consider when deciding what to do about Oracle JAVA on your computer.

Oracle releases Java fix, but security concerns remain

Security experts on Java: Fixing zero-day exploit could take 'two years'

Oracle releases emergency Java update

Oracle releases patch for Java after U.S. government warning

--------------------------------------------------------------------------------

If you want to continue using JAVA, it looks like installing JAVA 7 upd 11 is the safest way to go. Keep an eye on this thing; several of the analysts say Oracle needs to do more to plug other security holes in JAVA.

If you are like me and only use JAVA for chat, you may only need what is called the JAVA Runtime Environment (JRE), not the JAVA Development Kit (JDK) or JavaFX (aka The Rich Client Platform ? ). Consider uninstalling the JDK and JavaFX.

miksilvr
Joined:
Jul. 7, 2011 11:13 am

1/14/13 -

more concerns about the state of JAVA security:

Java 7 patch released, experts say may contain flaws

Java Security Flaw Is Repaired; Experts Still Recommend Disabling It

U.S. says Java still risky, even after security update

***

this link lists the java version unless it is disabled:

Java Tester - What Version of Java Are You Running?

miksilvr
Joined:
Jul. 7, 2011 11:13 am

1/14/13 -

Java Security Flaw Is Repaired; Experts Still Recommend Disabling It

Java Security Fix Issued By Oracle, Feds Maintain Warning To Users

U.S. says Java still risky, even after security update

miksilvr
Joined:
Jul. 7, 2011 11:13 am

1/14/13 -

Homeland Security still advises disabling Java, even after update

1/15/13 -

Apple releases Java 7 update 11 for zero-day flaw but concerns linger

Java exploit used in Red October cyberespionage attacks, researchers say

10 Facts: Secure Java For Business Use

miksilvr
Joined:
Jul. 7, 2011 11:13 am

1/14/13 -

procedures for getting into the Thom Hartmann chat room without the use of JAVA:

Apple-only solution to current or future Java chat issues - you CAN get to THC without Java from an Apple Mac PC

miksilvr
Joined:
Jul. 7, 2011 11:13 am

After turning off Java plugins in Firefox the only site so far that complains it isn't on is Thom's chat room. Maybe time for a different chat plugin? Oh geez, emoticons don't work here yet and the clien side spellchecker is still turned off. So I might be asking a bit much.

captbebops's picture
captbebops
Joined:
Jul. 31, 2007 3:01 pm

You have made some good suggestions here, captbebops, and in other places; maybe you are a good one to forward those ideas to Nigel , email = webmaster@thomhartmann.com .

I don't know what other options they have, but suggestions or concerns passed to Nigel possibly could result in changes with addonchat or comcast.

From what I saw last summer, addonchat is one of the most common chat services in use. The security exposures that Oracle closed locked out chat users all over the net until they could find a fix on the net. I'm not familiar with the other available chat services, so I can not suggest replacements.

miksilvr
Joined:
Jul. 7, 2011 11:13 am

I've been posting recommendations on the feedback section and elsewhere including the chat room for the last few years. My bet is there is not much money going into supporting this message board so updates are limited.

AddonChat doesn't have a forum or if it does you need to be a customer to see it (not a good idea). I would love to see how they are addressing this Java exploit problem because it deeply effects their product. Of course by "they" it may be "he" as it might just be a one person company. And if that is so, sales may not merit developing products that don't use Java.

captbebops's picture
captbebops
Joined:
Jul. 31, 2007 3:01 pm

Just when you thought it was safe to "go back in the water" ...

More bad news about the safety of Oracle JAVA even after the release of JAVA 7 UPD 11! I'm still reading these, but the tone of them made me decide to share the articles here and let others decide what to do.

I have JAVA disabled when not in use, have not been in the chat room since late last night, and might not chat again until after I've read the articles.

Unlike some of the more tech savy users here, I do not have just one trusted "go to" source for security information, so I'll read a few different items on the same subject to help make a decision on what to do.

1/15/13 -

Oracle releases Java 7 update 11 for zero-day flaw but concerns linger

Java exploit used in Red October cyberespionage attacks, researchers say

1/16/13 -

The Death Of Java In The Enterprise?

Java insecurity: Options are few for many enterprises

Another Java Zero-Day Vulnerability Hits Black Market

Homeland Security still says no to Java

Why fixing the Java flaw will take so long

New Java Exploit Fetches $5,000 Per Buyer

miksilvr
Joined:
Jul. 7, 2011 11:13 am

"and the hits just keep on coming" ...

this Atlantic article came in 2 parts:

1/14/13 -

Security Tip: Disable Java Now

1/16/13 -

The Java Menace, Cont.

1/16/13 -

New Java exploit sells for $5000 on black web; possible threat to millions of PCs

miksilvr
Joined:
Jul. 7, 2011 11:13 am

On Chrome "Chat" doesn't even show up under "Community".

captbebops's picture
captbebops
Joined:
Jul. 31, 2007 3:01 pm

captbebops, i'm using Chrome and I see the Chat option in the menu on the Community page ... it's the second item after Message boards. I wonder if you have a bad copy of the page in Chrome cache.

Another user indicated that Chat used to be an option on Thom's home page, but no longer is.

I have noticed that when I get logged off Thom's site, some of the options do not appear. That happens if their system gets restarted, or if my saved cookies for Thom's site get trashed.

If these security bulletins warning about JAVA exposures keep coming in, more people may be taking a look at Marion Delgado's no-Java approach to Chat (de-caff chat) that i noted in reply #17 above.

miksilvr
Joined:
Jul. 7, 2011 11:13 am

1/16/13 -

Java is not JavaScript - tell your friends!

Just patch Java? Easier said than done

***

"With the latest security holes coming to light, many are recommending removing Java entirely from your system. If you don't want to go that far, here are some things you can do."

Do you need to uninstall Java to be safe from its vulnerabilities?

miksilvr
Joined:
Jul. 7, 2011 11:13 am

Test the version of Java your browser is using

1/16/13 -

New Java exploit sells for $5000 on black web; possible threat to millions of PCs

Do you need to uninstall Java to be safe from its vulnerabilities?

1/17/13 -

Malware masquerades as patch for Java

Red October Used Java Exploit: Update or Disable Java Now

miksilvr
Joined:
Jul. 7, 2011 11:13 am

Java Tester - What Version of Java Are You Running?

1/15/13 -

How to kill Java dead, dead, dead

How to disable Java in your browsers

1/18/13 -

Malware impersonates Java patch

Why the Java threat rang every alarm

Bogus Java patch drops malware on your PC

Java Security Warnings: Cut Through The Confusion

Oracle investigating two new vulnerabilities in latest Java, but Windows users have less to fear

1/19/13 -

Oracle's Java patch contains new holes, researchers warn

1/20/13 -

Java hacker boasts of finding two more unpatched holes

Q&A: Is Java safe to use?

miksilvr
Joined:
Jul. 7, 2011 11:13 am

more questions about the security of Oracle JAVA, warnings about fake JAVA updates, and also complaints about some of their practices for packaging the software:

1/17/13 -

How to disable the Java web plug-in in Safari

1/18/13 -

Java Security 'Fix' Is Disguised Malware Attack

1/19/13 -

Watch Out! Malware Posing as Java Update

1/21/13 -

Security Firms Warn Users of Fake Java Updates

1/22/13 -

A close look at how Oracle installs deceptive software with Java updates

Beware of fake Java updates

Java Hacker Uncovers Two Flaws In Latest Update

Disabling Java in Internet Explorer: No easy task

If you need Java, use this one instead

Another Java Exploit Found In ‘Watering Hole’ Attack

1/23/13 -

One Man's Defense of Java

miksilvr
Joined:
Jul. 7, 2011 11:13 am

Looks like this JAVA security problem isn't going away.

Yesterday was the first time in a week I had been in Thom's chat (and maybe the last time for a while). I noticed how many fewer people were in there during the last hour of the show when i entered, and for the 1 - 2 hours after that.

While I was in chat I started browsing the latest JAVA security warnings (and posting them so other chatters could read them), and saw that Firefox was blocking JAVA.

And now today, its Apple's turn.

Here is a sample of the security warnings for the last few days:

1/28/13 -

Latest Java Flaw Bypasses Security Control, Security Researchers Say

Java’s new “very high” security mode can't protect you from malware

1/29/13 -

Java Security Work Remains, Bug Hunter Says

1/30/13 -

Firefox to block Silverlight and Java -- but not Flash

1/31/13 -

Apple Once Again Blocks Java 7 Web Plug-in

Firefox Moves To Block Java, Silverlight, Adobe Reader

XProtect update blocks unpatched Java versions in OS X

Java: How to fix your biggest Internet security risk

Apple blocks Java on Macs due to vulnerabilities

-----------------------------------------------------------------------

I don't know about you, but I have disabled JAVA, and have not yet deleted it. I'm still thinking about it.

For those looking for a chat alternative to JAVA, I'll repeat my comments from 1/16/13:

If these security bulletins warning about JAVA exposures keep coming in, more people may be taking a look at Marion Delgado's no-Java approach to Chat (de-caff chat) that i noted in reply #17 above.

miksilvr
Joined:
Jul. 7, 2011 11:13 am

2/1/13 -

US-CERT Alert TA13-032A - Oracle Java 7 Multiple Vulnerabilities

***

Finally, some reaction from Oracle. I just found out abuut this new java upgrade an hour or two ago, and have not had time to install it yet. I'll probably wait and do some more reading about it before going ahead, and will not use java again until I've done the upgrade.

New Java from Oracle. Whoopee. Update ASAP.

Oracle releases Java patch update

Oracle Releases Java 7 Update 13 to Address Security Issues, Reenable Web Plug-in on OS X

Oracle patches security issues with Java 7 Update 13

Oracle Responds to Java Security Flaws with 50 Fixes

***

as i said last summer, chat withdrawal is a __________ !!!

miksilvr
Joined:
Jul. 7, 2011 11:13 am

2/1/13 -

Java browser plug-in on OS X re-enabled with update to Java 7

Oracle pushes Java 7 Update 13 out early, after one of 50 vulnerabilities addressed is exploited in the wild

2/2/13 -

Oracle releases emergency patches for Java

About the security content of Java for Mac OS X v10.6 Update 12

miksilvr
Joined:
Jul. 7, 2011 11:13 am

2/2/13 -

Oracle rushes out another Java update, fixing 50 vulnerabilities

Apple updates Java for Snow Leopard following blockage

About Java for Mac OS X v10.6 Update 12

miksilvr
Joined:
Jul. 7, 2011 11:13 am

2/2/13 -

When a vulnerable version of Java is active in a Web browser, visiting a compromised website is all it takes for crooks to sneak malware onto your computer.

In most cases, you won’t even know the site is compromised until it’s too late.

Here’s how to stay safe: Stop using Java — or stay on top of the upgrades and use Java a lot more guardedly.

Defend computer from hackers who exploit Java

miksilvr
Joined:
Jul. 7, 2011 11:13 am

Java Tester - What Version of Java Are You Running?

***

2/2/13 -

Oracle’s Latest Java Patch Contains Huge Security Flaw Update of 50 Fixes

Kim Komando: How to deal with Java's security woes

***

a few notes from one of the links i posted yesterday:

The Java 7 update is packaged as Java 7 Update 13 – Update 11 was only published on 14 January. The Java Runtime Environment (JRE) update is available for Windows, Mac OS X, Linux and Solaris, from the general download page. The CPU also includes an update for Java 6, Java 6 Update 39, which can be downloaded from the download area for developers. That page also carries updated versions of the Java Development Kit for Java 6 and 7.

Mac OS X 10.6.8 (Snow Leopard) will find a "Java for Mac OS X 10.6 update 12" available through the software update function. Users of Java 7 on Mac OS X 10.7 and 10.8 who are not being alerted of an update should go to System Preferences, select Java and the Update tab and click Update Now. Windows users should also be alerted by the Java update checker which will download and update their Java installation. Oracle customers still using Java 5 or Java 1.4 should contact Oracle as the company says it has produced updates for those, no longer publicly supported, editions too.

Oracle releases emergency patches for Java

---------------------------------------------------------------------------

Since the Java update problems from last summer that resulted with an inability to get into chat for a few days, I have continued the practice of uninstalling the old Java release before downloading the new one.

I'm using windows 7 and chrome ... your configuration may be different, but the general process is the same.

After the uninstall start your browser and click on the chat option on one of the pages the option is available on Thom's web site. That will prompt you to install the java plugin; click and your browser will link to a page on Oracle's web site to start the download of the Java version that matches your system and browser config. {If you want a different version than what the auto download selects, consult the recently linked articles for tips on what you will need and where to get it ... some of the older releases of Java have also been patched by these security updates, like java 6 update 39.}

After the install process is complete, shut down the browser, go to control panel, click programs, then click Java and bring up the Java controls. Next step before starting your browser is to delete the Java temporary internet files / cache. Under "temporary internet files", click "settings", click "delete files", check all boxes under "delete the following files?", then click ok. This was necessary after one of last summers java releases (java 7 update 6 maybe ?), and I have continued to do it for later updates ... it does not take long.

Close the Java control panel and control panel itself.

Start your browser, and click on the chat option. The new Java plugin should load and bring up the signon screen for chat. if you are prompted again to install the Java plugin, cycle your browser again (a couple of times I installed Java while forgetting that I had multiple chrome windows open, and had not shut down one of them before clicking the chat start, only to be prompted to install the Java plugin even though I had just done that).

After doing the update yesterday I went into chat and hung around a while. Things were quieter than on the average Saturday night, possibly due to these continuing security problems which prompted Apple and Firefox to disable Java. Some of the people in chat did not know of the new release and the 50 security fixes in Java 7 upd 13 on 2/1/13, so I gave them the following link to reply #30 above where the first articles announcing the update are:

http://www.thomhartmann.com/forum/2013/01/us-warns-java-software-security-concerns-escalate#comment-195291

---------------------------------------------------------------------------

Java Tester - What Version of Java Are You Running?

miksilvr
Joined:
Jul. 7, 2011 11:13 am

In Thom's chat room this weekend, I made a comment about the above routine that I have been using to install a new Java since I was locked out of chat last summer for about 3-4 days after one of the updates did not go in cleanly. They mentioned that they don't uninstall java before starting the install of the update. My point was that I do it because of the problems I ran into when I had parts of 3 Java releases on the system, and was not able to get the chat to open until I had uninstalled all of the Java .

In this case, why would you want to leave java 7 update 11 or an older release on your system with at least 50 known security exposures in it?

I posted links in chat about the new java update for people who did not know about it. I'm not sure when I'll have time to get into Thom's chat today, but when I do, I'll check to see if there are others in chat that have not gotten notice yet.

Here is a link for the reply in this thread where the first mention of the java 7 update 13 security fix is mentioned ... this is a good place for people to start reading about it, to help them learn about the security patches and to do the install.

http://www.thomhartmann.com/forum/2013/01/us-warns-java-software-security-concerns-escalate#comment-195291

-----------------------------------------------------------------

2/4/13 -

more input on Friday's release of Java 7 update 13 with the 50 security patches:

Oracle pushes out new Java update to patch security holes

Apple updates Java 6 for Snow Leopard

Another Critical Java Update, You Know What To Do

Forget the Super Bowl. Critical Java patch released; update now

miksilvr
Joined:
Jul. 7, 2011 11:13 am

2/4/13 -

If you took advantage of the new security features of java 7 update 11, and disabled java in the browser and / or the java plugin from the java control panel, don't forget to re-enable both options after doing the java 7 update 13 install.

I forgot. If you forget, you get prompted to install the plugin again when you click chat.

So, after doing the install, shut down your browser, go to the java control panel, delete the temporary files / cache, on the security tab enable the java in the browser option, on the advanced security tab enable the java plugin, close the java control panel, then start your browser and click chat.

Should work fine after that, til the next go-round. Maybe Oracle will not sit on security fixes anymore for so long that they release 50 of them at once like they did on 2/1/13 with java 7 update 13.

miksilvr
Joined:
Jul. 7, 2011 11:13 am

2/4/13 -

Apple, Oracle restore Java on OS X

Java browser plug-in functionality restored to Snow Leopard, Lion and Mountain Lion after latest blacklisting

http://www.computerworld.com/s/article/9236498/Apple_Oracle_restore_Java_on_OS_X?taxonomyId=17

***

Apple updates Java 6 for Snow Leopard

While Mountain Lion and Lion users could apply Oracle's Java 7 Update 13 last Friday, Snow Leopard users rely on Apple for updates to Java 6: last August, Oracle took over the maintenance of Java for OS X for Java 7 Update 6 onwards; however, Java 7 is not supported on Snow Leopard and as of this month Oracle will stop providing updates for Java 6 altogether.

http://www.zdnet.com/apple-updates-java-6-for-snow-leopard-7000010762/

***

Oracle Issues Emergency Java Security Update

The newly released versions of Java include Java 7 Update 13, Java 6 Update 39, and JavaFX 2.2.5. (Oracle has said it plans to stop posting new updates for Java 6 after the end of this month.)

According to Oracle, its new Java software addresses flaws present in the following Java software (and all versions previous to those listed here): Java 7 Update 11, Java 6 Update 38, Java 5 Update 38, SDK and Java Runtime Environment 1.4.2_40, and JavaFX 2.2.4.

http://www.informationweek.com/security/vulnerabilities/oracle-issues-emergency-java-security-up/240147724

miksilvr
Joined:
Jul. 7, 2011 11:13 am

2/5/13 -

Users Fiddle While Java Burns

Despite Oracle Java being ranked among the highest risk vulnerabilities, a startling 72% of Java users are not bothering to update their software to the latest and safest versions

http://readwrite.com/2013/02/05/users-fiddle-while-java-burns

*****************************************************

Oracle Fights Back On Java Security

Forty seven of the 58 vulnerabilities addressed in this CPU affect the Java Runtime Environment (JRE). Of these 26 have a score of 10.0, the maximum possible on the Common Vulnerability Scoring System (CVSS v2), with 23 being client-side vulnerabilities, and 3 applying to both client and server deployments. In total 44 of the vulnerabilities only affect client deployment of Java (e.g., Java in Internet browsers).

The patch also had fixes for 11 vulnerabilities in Java FX, 8 of which CVSS scores of 10.0.

http://www.i-programmer.info/news/80-java/5419-oracle-fights-back-on-java-security.html

*****************************************************

Latest Java update patches 50 holes, including critical zero-day flaw

According to security researcher Brian Krebs, the most critical fix in the most recent Java update addresses an issue in Oracle’s new trust mechanism. The initial change made it so that Java requested authorization from end users whenever unsigned, untrusted code was encountered. While it was an excellent step in the right direction in terms of improving the overall security of Java, it was also very easy to circumvent.

http://www.geek.com/articles/news/latest-java-update-patches-50-holes-including-critical-zero-day-flaw-2013025/

miksilvr
Joined:
Jul. 7, 2011 11:13 am

1/22/2013 Infoworld article "Disabling Java in IE: No Easy Task"https://www.infoworld.com/t/web-browsers/disabling-java-in-internet-explorer-no-easy-task-211220?page=0,0 Article states it isn't possible to be sure you have completely deleted Java from IE.Until I learn otherwise, I will not install Java on my new Windows 7 PC.I am not confident about using Java with any other internet browser either.Comments?

Evangel
Joined:
Jul. 31, 2007 3:01 pm

no easy solution for me, i have to use java for my livelyhood. i'm considering installing an os on an external drive and using java from there to keep it separated from any sensitive information stored on my main os drive.

tomas.savage's picture
tomas.savage
Joined:
Dec. 27, 2011 9:29 am

What ticks me off about this is that I was planning to do a desktop product upgrade using Java. I have customers who want to run my software on Macs and VMs aren't always the easy solution. My mistake was probably using MFC in Visual Studio. I should have written it with just Win32. Most all of that code base has been converted to Java and used for Android apps. Ellison and company treat Java like an orphan child because they can't figure out how to make money with it and they lost their lawsuit about Java on Android with Google.

captbebops's picture
captbebops
Joined:
Jul. 31, 2007 3:01 pm

2/6/13 -

Apple's Java sabotage is bad IT business

2/8/13 -

Oracle to release yet more patches for Java

Java: should you remove it?

Q&A: Should I delete Java?

***

?????????:

Java retakes the lead in language popularity

miksilvr
Joined:
Jul. 7, 2011 11:13 am

Then the plugin needs to be replaced on the chat room here. Or that company needs to find an non Java solution or Thom does. My bet is there is no money in the pot to get a different chat room plugin. After all there are so many bugs on this board that should have been fixed a long time ago and in the first page of a search on the problem in Drupal the solution was listed. I'm betting there's no money in the pot to get the board fixed either. For instance, from what I've read Drupal will default to using a server for spell checking and if you turn that off you also wind up turning off the browser checking. There is a solution around that.

captbebops's picture
captbebops
Joined:
Jul. 31, 2007 3:01 pm

Will the Chat on this site ever get off Java? This is the ONLY site that I visit where Java is even used anymore. Much like Flash Java is a dinosaur of the past that needs to be let go in the modern web as it brings onthing by gaping security holes.

Even the Open Source Java implimentation is affacted by most of these security holes,

intok's picture
intok
Joined:
Apr. 2, 2012 11:29 am
Quote intok:

Will the Chat on this site ever get off Java? This is the ONLY site that I visit where Java is even used anymore. Much like Flash Java is a dinosaur of the past that needs to be let go in the modern web as it brings onthing by gaping security holes.

Even the Open Source Java implimentation is affacted by most of these security holes,

For questions or comments about the use of Java by the chat room on Thom's web site, contact Nigel the webmaster ... email address is webmaster@thomhartmann.com . I do not know if using Java is the choice of the webmaster, the ISP (Comcast ?), or Addonchat (supplier of the chat interface software).

miksilvr
Joined:
Jul. 7, 2011 11:13 am

2/10/13 -

More Java patches due soon

Java Flaw Repair Email Camouflages Crafty New Malware Attack

2/12/13 -

Not done yet: Oracle to ship revised Java fix on February 19

Oracle's Java software still a major worry, despite recent fixes

2/13/13 -

Yahoo! Pushing Java Version Released in 2008

2/15/13 -

Facebook Hacked Via Java Vulnerability, Claims No User Data Compromised

Facebook hit by 'sophisticated attack'; Java zero-day exploit to blame

Facebook: Java exploit used to install malware on employee computers, ‘no evidence’ user data was compromised

miksilvr
Joined:
Jul. 7, 2011 11:13 am

2/1/13 -

written before the release that day by Oracle of Java 7 update 13:

Twitter Says Hackers May Have Compromised 250,000 Accounts

2/4/13 -

Twitter Hack Mostly Hit Early-Adopter, Well-Connected Users (And Probably President Obama)

miksilvr
Joined:
Jul. 7, 2011 11:13 am

2/16/13 -

Blogger blasts 'irresponsible' BBC over Facebook hack story

miksilvr
Joined:
Jul. 7, 2011 11:13 am

2/16/13 -

Facebook Attackers Exploited Java Zero-Day Bug

Facebook owns up - admits network breached, blames "Java in the browser"

miksilvr
Joined:
Jul. 7, 2011 11:13 am

Here we go again ...

While checking the 'net for headlines about the next Oracle java security update (which was expected to be released today), I instead found these:

Apple Says Java Plug-in For Browsers To Blame For Malware Attack

Apple Hit By Hackers; No Data Lost; Macs At Risk From Java

Apple targeted in Java hack attack

***

miksilvr
Joined:
Jul. 7, 2011 11:13 am

Be wary though. Did you note the big headlines today blaming China for cyber attacks? Could very well be false flags to get us to give up a lot of our rights regarding computers and the Internet. I won't budge though and neither should you. Government and business probably never envisioned such a wide spread use of computers. 20 years ago they were more the domain of geek hobbyists, gamers, businesses and institutions.

captbebops's picture
captbebops
Joined:
Jul. 31, 2007 3:01 pm

Currently Chatting

The Death of the Middle Class was by Design...

Even in the face of the so-called Recovery, poverty and inequality are getting worse in our country, and more wealth and power is flowing straight to the top. According to Paul Buchheit over at Alternet, this is the end result of winner-take-all capitalism, and this destruction of the working class has all been by design.

Powered by Drupal, an open source content management system