cancel
Showing results for 
Search instead for 
Did you mean: 

Another critical Java vulnerability puts 1 billion users at risk

Steve
Seasoned Pro
Posts: 6,853
Thanks: 336
Registered: ‎13-07-2009

Another critical Java vulnerability puts 1 billion users at risk

Quote
Just as Oracle is ramping up for the September 30 start of JavaOne 2012 in San Francisco, researchers from the Polish firm Security Explorations disclosed yet another critical Java vulnerability that might “spoil the taste of Larry Ellison's morning…Java.”
If you disabled Java when the last zero-day exploit was spotted in the wild, then you might consider doing so again . . . or dumping Java altogether? According to Security Explorations researcher Adam Gowdiak, who sent the email to the Full Disclosure Seclist, this Java exploit affects “one billion users of Oracle Java SE software.”

http://blogs.computerworld.com/malware-and-vulnerabilities/21056/another-critical-java-vulnerability...
If life gives you lemons, make lemonade.
14 REPLIES 14
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Another critical Java vulnerability puts 1 billion users at risk

Not just for Windows.
shutter
Community Veteran
Posts: 22,206
Thanks: 3,769
Fixes: 65
Registered: ‎06-11-2007

Re: Another critical Java vulnerability puts 1 billion users at risk

It is suggested in the original post that an "alternative" is to DUMP JAVA altogether....
Question.....
What do you replace it with, as so many things rely on us having Java installed. ?
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Another critical Java vulnerability puts 1 billion users at risk

I can't think of much that requires Java.
RPMozley
Pro
Posts: 1,339
Thanks: 83
Fixes: 13
Registered: ‎04-11-2011

Re: Another critical Java vulnerability puts 1 billion users at risk

Apart from BT & TBB speed testers.
That's RPM to you!!
shutter
Community Veteran
Posts: 22,206
Thanks: 3,769
Fixes: 65
Registered: ‎06-11-2007

Re: Another critical Java vulnerability puts 1 billion users at risk

Quote from: ejs
I can't think of much that requires Java.

So.... does that answer my question.... no...
can you do without it? if you think so little requires java...?
or what is your alternative suggestion to java?
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Another critical Java vulnerability puts 1 billion users at risk

Yes, I do just fine with the Java plugin disabled.
I haven't bothered to select another bittorrent program, there are plenty to choose from, but I don't really use azureus anymore anyway.
Having an alternative for Java itself doesn't really make any sense. Unless you mean an alternative for developing software, then which programming language you might choose instead would depend on what you were developing. I wouldn't have thought many people developing a new website these days would decide to use Java applets for anything.
What are all the irreplaceable Java programs and Java applet using websites you use then?
Steve
Seasoned Pro
Posts: 6,853
Thanks: 336
Registered: ‎13-07-2009

Re: Another critical Java vulnerability puts 1 billion users at risk

@shutter, Since posting this I have dumped Java and so far I have not needed It so looks like I can do without It so far. Why not try doing without It and If you need It just download It and use It, That way you are always guaranteed the latest version, It keeps your system safe and you can un-install It when not required. I have no alternative to Java to suggest
If life gives you lemons, make lemonade.
CX
Grafter
Posts: 750
Thanks: 4
Registered: ‎16-09-2010

Re: Another critical Java vulnerability puts 1 billion users at risk

I run 64-bit Windows and I have installed the 64-bit Java JRE. Since neither Firefox nor Chrome are 64-bit, the Java plugin is not available to them. For the sites which require Java (BT Speedtester, for example), I can launch Internet Explorer 9 64-bit. Since I don't use IE 64-bit under any other circumstances I feel this keeps me relatively safe.
Alternatively, install the 32-bit and then in Chrome enable the "click to run plugins" feature and in Firefox install NoScript. These are also helpful for other plugins with less than stellar track records, e.g. Adobe Flash, QuickTime etc.
shutter
Community Veteran
Posts: 22,206
Thanks: 3,769
Fixes: 65
Registered: ‎06-11-2007

Re: Another critical Java vulnerability puts 1 billion users at risk

Thanks for the advice.... I am using a program at the moment which does require Java... but I don`t know what other progs use it, other than what the splash screen says about it when you install/update it ...
I do not know what the "threat" is to me, with Java installed,. and most of the techy stuff about threats is beyond my comprehension. 
I suppose it is a bit of "head in the sand",.... but if the guys who make Java, know about "threats" to users, then it is their job to counter that and issue, or automatically, update as and when needed.
To post something about a "threat" and say that it should be removed for your own safety, without a simple guide to reasons why it is a threat, is likely to cause panic amongst users...
Hang on a mo... isn`t that what Linux users say about Windows?  it is insecure, and threats abound almost daily... perhaps I should uninstall that too... (cant get on with Linux so end of story ! ! !)
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Another critical Java vulnerability puts 1 billion users at risk

The current, and previous big threat, is with the Java plugin: a website can run any program on your computer, or save a file and run that.
Steve
Seasoned Pro
Posts: 6,853
Thanks: 336
Registered: ‎13-07-2009

Re: Another critical Java vulnerability puts 1 billion users at risk

Quote from: shutter
To post something about a "threat" and say that it should be removed for your own safety, without a simple guide to reasons why it is a threat, is likely to cause panic amongst users...
Where did you read that?
Quote
To recap, this Java bug is even worse than the last critical Java vulnerability. It puts one billion users of Oracle’s Java SE, Java 5, 6 and 7, at risk. It could be exploited using these browsers: Chrome, Firefox, Internet Explorer, Opera and Safari. If you visit a maliciously crafted website, attackers could gain total control of your PC. Wow, thanks a lot Oracle.
If life gives you lemons, make lemonade.
shutter
Community Veteran
Posts: 22,206
Thanks: 3,769
Fixes: 65
Registered: ‎06-11-2007

Re: Another critical Java vulnerability puts 1 billion users at risk

Hi Steve.....
Quote

Another critical Java vulnerability puts 1 billion users at risk

and followed up by......
Quote

If you disabled Java when the last zero-day exploit was spotted in the wild, then you might consider doing so again . . . or dumping Java altogether?


Does that look familiar?  Cheesy
Steve
Seasoned Pro
Posts: 6,853
Thanks: 336
Registered: ‎13-07-2009

Re: Another critical Java vulnerability puts 1 billion users at risk

Well shutter the truth Is out there, I guess Its up to the Individual what they do with It but security should never be compromised IMHO.
If life gives you lemons, make lemonade.
shutter
Community Veteran
Posts: 22,206
Thanks: 3,769
Fixes: 65
Registered: ‎06-11-2007

Re: Another critical Java vulnerability puts 1 billion users at risk

:o............................................ ::)..................................... Undecided