Gizmos Freeware Reviews  

Go Back   Gizmo's Freeware Forum > Debating Chamber > Security

Reply
 
Thread Tools Display Modes
Old 28. Aug 2012, 06:14 PM   #1 (permalink)
Senior Member
 
Concerned User's Avatar
 
Join Date: Apr 2010
Location: இந்தியா, सिन्धु, India
Posts: 486
Default Disable Java NOW, users told, as 0-day exploit hits web

http://www.theregister.co.uk/2012/08...block_exploit/


http://reviews.cnet.com/8301-13727_7...y-affect-macs/

...sighs deeply....


Quote:
For individual users, the researchers say, the best solution for now is to disable the Java browser plugin until Oracle issues an official patch.
Thankfully, all modern browsers have functionality to turn off or turn on plugins easily.....

Looks like mac and linux are also equally vulnerable?:

Quote:
But the hackers behind the Metasploit penetration testing software say they have studied the exploit and found that it could just as easily be used to attack machines running Linux or Mac OS X, given the appropriate payload.
Rather unfortunate, that some online banking sites have to use java for two factor authentication. Example:

2 Factor Authentication - Safe & Secure ebanking:

If you are enabled for 2 Factor Authentication, then it is essential for you to install latest JAVA on your system.



Last edited by Concerned User; 28. Aug 2012 at 06:37 PM.
Concerned User is offline   Reply With Quote
Old 29. Aug 2012, 08:33 PM   #2 (permalink)
Senior Member
 
bo.elam's Avatar
 
Join Date: Nov 2009
Posts: 1,714
Default

Not a bad idea to disable Java, even better is to uninstall it if its not required by a program. I got rid of it 3 years ago, don't miss it. People that needs to have it because of a program or two, can have it and still keep it blocked when browsing with Firefox. For that, you can use NoScript.

Bo
bo.elam is offline   Reply With Quote
Old 30. Aug 2012, 06:09 AM   #3 (permalink)
Senior Member
 
Join Date: Oct 2011
Posts: 187
Default

last night when i took my computer out of stand by, i noted i was prompted by java to update. the prompt showed oracle. i started the update process and was prompted to install the ...ask toolbar. at this point i canceled as i found in the past that the tool bar add on (ask) can be a bad thing. i guess im asking this, should the update from oracle have the ask toolbar or search engine prompt attached to the update process? the update was called version 7 update 6 (build 1.70_06-b24)

Last edited by placou 1968; 30. Aug 2012 at 06:17 AM.
placou 1968 is offline   Reply With Quote
Old 30. Aug 2012, 06:45 AM   #4 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,357
Default

Quote:
Originally Posted by placou 1968 View Post
last night when i took my computer out of stand by, i noted i was prompted by java to update. the prompt showed oracle. i started the update process and was prompted to install the ...ask toolbar. at this point i canceled as i found in the past that the tool bar add on (ask) can be a bad thing. i guess im asking this, should the update from oracle have the ask toolbar or search engine prompt attached to the update process? the update was called version 7 update 6 (build 1.70_06-b24)
Use Secunia PSI to do your updates and avoid crap like Ask.

https://secunia.com/vulnerability_scanning/personal/

"Other companies have repackaged third-party software with their own installers for various reasons in the past. Some software distribution websites like Download.com do this to bundle browser toolbars for extra revenue. However, Secunia will not add anything to its installer. "The only thing we want to do is apply a minimal patch without interacting with the user," Kristensen said. In some cases vendors might distribute third-party toolbars or advertisements with their software updates themselves, in which case Secunia's silent installer could cut into their revenue stream."
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is online now   Reply With Quote
Old 30. Aug 2012, 06:58 AM   #5 (permalink)
Senior Member
 
bo.elam's Avatar
 
Join Date: Nov 2009
Posts: 1,714
Default

placou 1968, you are right, Ask is been "offered" when you install Java. I cant believe Oracle is doing this.

http://www.java.com/en/download/faq/ask_toolbar.xml

I recommend you stay away from installing Java but if you must have it, you can get a toolbar free installer from here. Make sure you download the" Windows offline" installer.

http://java.com/en/download/manual.jsp

Bo
bo.elam is offline   Reply With Quote
Old 30. Aug 2012, 07:07 AM   #6 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,334
Default

Good advices by MC, and Bo... but, looking at the present situation, I would advise uninstalling java altogether. Java is only required on some sites... so, most probably, you won't need to install java.

In case you do need java, then you can follow Bo's advice in the 2nd post.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 30. Aug 2012, 08:19 AM   #7 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,357
Default

Using Secuina will avoid similar instances with other program of course that seek to bundle unwanted components with their updates.
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is online now   Reply With Quote
Old 30. Aug 2012, 01:24 PM   #8 (permalink)
Senior Member
 
Join Date: Oct 2011
Posts: 187
Default

many thanks, i never knew what it was for, and i find that if you folks dont need it, i certainly wont, its now uninstalled
placou 1968 is offline   Reply With Quote
Old 30. Aug 2012, 01:30 PM   #9 (permalink)
Senior Member
 
Join Date: Jul 2010
Location: New Zealand
Posts: 1,741
Default

My kids play Java games all the time but only on their computers except that I have to fix them if there's a problem but burglary and a meltdown have reduced us to one
__________________
Better to light a candle ... than to curse the darkness.
Remah is offline   Reply With Quote
Old 30. Aug 2012, 06:30 PM   #10 (permalink)
Senior Member
 
eyeb's Avatar
 
Join Date: Sep 2010
Location: Planet X
Posts: 887
Default

Not sure how useful this will be for people, but i like portable apps, mentioned it before

but running portable firefox, I have a portable copy of java that works as well. And I can launch java files to run them too. Anyways because java isn't installed, I have a tad bit more control over things looking for java since they ask if i want to install it, I just say no. Rest of time all things java is set to launch inside sandboxie
eyeb is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT +1. The time now is 12:47 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2021, vBulletin Solutions, Inc.