|
Source: (consider it)
|
Thread: Java browser malware - Ship Café runs Java
|
|
|
lilBuddha
Shipmate
# 14333
|
Posted
As far as the Ship, more than the cafe is affected by disabling java. The helpful coding buttons below the reply entry field do not work. Nor does preview post.
--------------------
I put on my rockin' shoes in the morning
Hallellou, hallellou
Posts: 17627 | From: the round earth's imagined corners | Registered: Dec 2008
| IP: Logged
|
|
lilBuddha
Shipmate
# 14333
|
Posted
Java just released update 11, but some are still recommending disabling Java.
Several features do not work here with java disabled. Post dates disappear, I am going to guess that PM notifications likely do as well. Going to be a lot of annoyances if one does disable java. What I am doing is allowing Java, but running no-script Firefox add-on. Still a pain.
--------------------
I put on my rockin' shoes in the morning
Hallellou, hallellou
Posts: 17627 | From: the round earth's imagined corners | Registered: Dec 2008
| IP: Logged
|
|
Niteowl
Hopeless Insomniac
# 15841
|
Posted
If one chooses to install Java 7 Update 11, please be sure to uninstall ANY other instances of Java listed under programs. Malicious code can be executed under those previous codes even if you have Update 11 installed.
--------------------
"love all, trust few, do wrong to no one"
Wm. Shakespeare
Posts: 2437 | From: U.S. | Registered: Aug 2010
| IP: Logged
|
|
Amorya
Ship's tame galoot
# 2652
|
Posted
quote:
Originally posted by lilBuddha:
As far as the Ship, more than the cafe is affected by disabling java. The helpful coding buttons below the reply entry field do not work. Nor does preview post.
The coding buttons and preview post use JavaScript, not Java. Despite the similarity in naming, the two things aren't related: I believe at some point in the 90s, Java was the Next Big Thing™, and the writers of JavaScript picked that name to try and ride on the back of the publicity.
The security hole only affects Java, so you can safely leave JavaScript turned on.
Posts: 2383 | From: Coventry | Registered: Apr 2002
| IP: Logged
|
|
Niteowl
Hopeless Insomniac
# 15841
|
Posted
This will either kill Java or finally give us a decent, safe version. According to this article on ZDnet, "First came the discovery of chinks in the computer language's armor last week, after researcher "kafeine" pointed out a number of websites that were using a zero-day security vulnerability within Java 7 Update 10, which could result in the installation of malware, identity theft or used to rope personal computers in to becoming unauthorized botnets -- which can then be used in denial-of-service attacks against other sites.
The problem was severe enough for the firm to release an emergency patch -- Java 7 Update 11 -- over the weekend." However, it's much, much worse: "Security researcher Adam Gowdiak from Security Explorations has been keeping an eye on the software flaws in Java over the past year. Once Gowdiak analyzed the latest update to Java, he found that the patch still leaves a number of "critical security flaws," according to Reuters. This statement, mirrored by AlienVault Labs' Jaime Blasco who branded Oracle's offering as a "mess," was later reinforced by the firm's recommendation against using the software."
Unfortunately, Java is essential to using a lot of corporate software, doing online banking and a whole slew of other items. Not sure about how deeply Java is embedded into the ship, but it's a mess and a very big risk to use it.
Thanks a lot Sun and Oracle.
--------------------
"love all, trust few, do wrong to no one"
Wm. Shakespeare
Posts: 2437 | From: U.S. | Registered: Aug 2010
| IP: Logged
|
|
pease
Tech Admin
# 6
|
Posted
On the ship it's just the café chat client that uses java.
As to the question of whether there's currently a safe / secure way of running java on your computer, the answer appears to be "Do you feel lucky?".
Posts: 184 | From: sunset on the strong river | Registered: Nov 2004
| IP: Logged
|
|
The Rhythm Methodist
Shipmate
# 17064
|
Posted
As a technologically-challenged person, I'm wondering if any of you good people could tell me if I need to do anything about Java on my PC? I've got two of their programmes on my machine - Java 7 update 9, and Java 6 update 23. Thanks!
Posts: 202 | From: Wales | Registered: Apr 2012
| IP: Logged
|
|
Amorya
Ship's tame galoot
# 2652
|
Posted
quote:
Originally posted by pease:
As to the question of whether there's currently a safe / secure way of running java on your computer, the answer appears to be "Do you feel lucky?".
You're a darn sight more secure if you just don't let your web browser anywhere near it (i.e. disable the ability to run Java applets). That way you can still run software that uses Java, but web sites can't run stuff for you. (Doing that would of course still block the ship's Café.) This website shows you how to do it.
I'm not promising this would be perfectly secure (I'm not a security researcher and can't promise that), but it's the level of security I've chosen for myself, and it definitely protects you from the exploit that's in the news at the moment.
(As I mentioned above, Java is not the same as JavaScript: the latter doesn't have huge known security holes and you can safely leave it turned on).
Posts: 2383 | From: Coventry | Registered: Apr 2002
| IP: Logged
|
|
Niteowl
Hopeless Insomniac
# 15841
|
Posted
quote:
Originally posted by The Rhythm Methodist:
As a technologically-challenged person, I'm wondering if any of you good people could tell me if I need to do anything about Java on my PC? I've got two of their programmes on my machine - Java 7 update 9, and Java 6 update 23. Thanks!
You do need to uninstall both of the above versions whether or not you decide to install Java 7 Update 11 or not. Sadly, Java doesn't configure their install/update programs to automatically uninstall previous versions so you are still vulnerable to any security problems those versions have. Go to the Control Panel and uninstall both programs one at a time.
--------------------
"love all, trust few, do wrong to no one"
Wm. Shakespeare
Posts: 2437 | From: U.S. | Registered: Aug 2010
| IP: Logged
|
|
|
|
Jengie jon
Semper Reformanda
# 273
|
Posted
For those using Firefox it is automatically disabling Java at present. Both my work and home machine it is disabled within Firefox and you can't simply restart it with it enabled.
I know this as I had to do a horrible download yesterday from the IBM site that is normally controlled by a JAVA app.
Jengie
--------------------
"To violate a persons ability to distinguish fact from fantasy is the epistemological equivalent of rape." Noretta Koertge
Back to my blog
Posts: 20894 | From: city of steel, butterflies and rainbows | Registered: May 2001
| IP: Logged
|
|
the giant cheeseburger
Shipmate
# 10942
|
Posted
quote:
Originally posted by Jengie Jon:
For those using Firefox it is automatically disabling Java at present. Both my work and home machine it is disabled within Firefox and you can't simply restart it with it enabled.
I know this as I had to do a horrible download yesterday from the IBM site that is normally controlled by a JAVA app.
Jengie
Same with Safari, it's blocked until you get the newest version of Java downloaded.
Hopefully this fiasco will be the beginning of the end of Java's common use on the internet, just as Flash is finally on the way out.
--------------------
If I give a homeopathy advocate a really huge punch in the face, can the injury be cured by giving them another really small punch in the face?
Posts: 4834 | From: Adelaide, South Australia. | Registered: Jan 2006
| IP: Logged
|
|
Printer-friendly view
