SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Enthusiast
    Join Date
    Mar 2007
    Location
    Auckland, NZ
    Posts
    98
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    JAVA Vulerabilities

    I need some help to understand the following: http://www.livehacking.com/2012/08/2...ploit-spreads/

    One consultant says the following:
    According to software giant Oracle, Java is deployed across more than 3 billion systems worldwide. But the truth is that many people who have this powerful program installed simply do not need it, or only need it for very specific uses. Iíve repeatedly encouraged readers to uninstall this program, not only because of the constant updating it requires, but also because there seem to be a never-ending supply of new exploits available for recently-patched or undocumented vulnerabilities in the program.
    (http://krebsonsecurity.com/tag/java/)

    The developer of our's School's system management system however tells me that we have nothing to fear as JavaScript is separate from the java VM. Does this mean that in order to be secure, rather than disabling JavaScript in our browsers we can simply make sure that we uninstall all JAVA packages on our machines?

  2. #2
    padawan silver trophybronze trophy markbrown4's Avatar
    Join Date
    Jul 2006
    Location
    Victoria, Australia
    Posts
    4,108
    Mentioned
    28 Post(s)
    Tagged
    2 Thread(s)
    It says in your first link how to disable the Java plugin in major browsers.
    That's all you need to do.

    Java has zero to do with JavaScript apart from slightly similar syntax.

  3. #3
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,716
    Mentioned
    103 Post(s)
    Tagged
    4 Thread(s)
    Quote Originally Posted by abasel View Post
    The developer of our's School's system management system however tells me that we have nothing to fear as JavaScript is separate from the java VM. Does this mean that in order to be secure, rather than disabling JavaScript in our browsers we can simply make sure that we uninstall all JAVA packages on our machines?
    Disabling JavaScript will do nothing to protect you from Java issues, because Java and JavaScript have nothing to do with each other.

    You don't need to uninstall Java from your machines either. Just disabling Java applets in the web browser is enough to protect yourself.
    Instructions can be found at http://www.h-online.com/security/new...w-1678618.html

    Episode 367 of Security Now also goes in to quite some detail about this Java security problem, and how you can protect yourself.
    Last edited by paul_wilkins; Aug 29, 2012 at 20:12.
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript

  4. #4
    SitePoint Enthusiast
    Join Date
    Mar 2007
    Location
    Auckland, NZ
    Posts
    98
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi, thanks for that. On uninstalling Java (as per the first quote's recommendation), isjavaexploitable.com reported that my computer was safe. This seems simpler than having to check the plugins on my browsers

  5. #5
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,716
    Mentioned
    103 Post(s)
    Tagged
    4 Thread(s)
    Quote Originally Posted by abasel View Post
    Hi, thanks for that. On uninstalling Java (as per the first quote's recommendation), isjavaexploitable.com reported that my computer was safe. This seems simpler than having to check the plugins on my browsers
    Yes, uninstalling is a more broad-brush approach that also works. Some people like myself have java programs that need to run outside of the web browser(where the existing unpatched danger is), such as Minecraft, so uninstalling is not a solution for such circumstances.
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript

  6. #6
    SitePoint Enthusiast
    Join Date
    Mar 2007
    Location
    Auckland, NZ
    Posts
    98
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by paul_wilkins View Post
    Yes, uninstalling is a more broad-brush approach that also works. Some people like myself have java programs that need to run outside of the web browser(where the existing unpatched danger is), such as Minecraft, so uninstalling is not a solution for such circumstances.
    Yeah it is pretty heavy handed... well the patch is out now so all good until next time..... it does big the question about social responsibility and legal liabilities but that's a discussion for another forum :-)


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •