
Critical Java bug being exploited in the wild

Mousey


Your fully patched installation of Java isn't safe.

by Dan Goodin - Jan 10 2013, 10:05am CST

 
Java security concerns escalate

Heads up, people...



 
The problem is that this could make many sites unusable.

There is the same issue with Flash and Apple products. Apple prevent Flash from working, but this means that Apple devices can only access a subset of the internet, and cannot use many websites and applications. The workarounds for this seem less secure than just allowing Flash to be installed locally.

Many users don't even know when they are using Java, or even Flash. They just see a website.

The other problem is that many websites will tell the user they have to install one of these products just to view the content, and so would find themselves reinstalling a product that had been disabled or removed by an administrator just to get on with their daily tasks.

What is needed is a tool that can be widely publicised that users can run to check whether or not they have picked up this exploit. The FBI did this with a previous exploit that messed up routing so that users visited malicious sites instead of the ones intended. As well as shutting down the exploit, they developed a tool that users could use to check whether they had been compromised.

A device that connects to the internet can never be safe. The difference here is that the authorities have discovered this exploit to be in use. There may be something else in use yet to be discovered by the authorities or security software firms.

The only sure way to clean up after such a mess is to format the OS drive and reinstall everything from scratch.
 
Update!! Fix released



...And at the time news broke, even fully patched Java installations were at risk.

Today however, KrebsOnSecurity reporter Brian Krebs is reporting Oracle finally shipped its critical security update. Java 7 Update 11 fixes this sticky situation and it's available both via Oracle’s website and through the Java Control Panel in an active program.

Krebs reports this update changes the way Java handles Web applications
 

