Java security problems continue to worsen

mbrazil
AvantGuard
Posts: 1966
Joined: Tue Jul 26, 2005 10:04 pm
Windows Version: 10
Avant Version: 2015 Ultimate Build 28
Default engine: Gecko (Firefox)
IE Version: 10
Skin: Monai XP
Location: Grass Valley, CA

Java security problems continue to worsen

Post by mbrazil » Mon Sep 16, 2013 12:06 am


mathman
Avantic
Posts: 932
Joined: Mon Feb 15, 2010 12:03 am
Windows Version: 10 (64 bit)
Avant Version: 2016 ultimate latest
Default engine: Firefox
IE Version: IE11
Skin: Crystal (may vary)

Re: Java security problems continue to worsen

Post by mathman » Mon Sep 16, 2013 3:10 am

If I understand correctly, the problem seems to be with an older version of Java. The current version has been fixed, but hackers are reverse engineering the fixes to attack the Java versions which haven't been fixed.

This seems to mean that you should get the latest version of Java. Saying that the security problem continues to worsen is somewhat misleading.

Re: Java security problems continue to worsen

Post by mbrazil » Mon Sep 16, 2013 4:47 am

The fact that Java appears to be the primary attack vector is what I was referring to. History has shown us that yet-to-be-found security vulnerabilities are probably lurking in all software. Since the black-hat hackers are concentrating more on Java than any other commonly used software, it's a sure bet that they'll be putting a lot of effort into looking for additional Java vulnerabilities and that they'll be right on top of any new vulnerabilities that are identified, including in version 7 and beyond.

If you must use apps or websites that require Java, you have no choice but to keep it installed. It may be inconvenient, but I'd still recommend keeping the Java plugin disabled whenever you aren't using those apps or websites. If the Java plugin is enabled, and you are tricked into clicking a link in an email or on a web page that takes you to a Java exploit site, your computer could be compromised in seconds. If a new vulnerability is found and a zero-day exploit is already active, you can't be sure that the security software on your computer would prevent this. But if the Java plugin is disabled (or if Java is not even installed), you'd just get a message indicating that Java is needed for that site, and this would tip you off to be careful about the site.

Here's another article that explains the situation in a little more detail: http://www.kaspersky.com/about/news/vir ... a_exploits

Re: Java security problems continue to worsen

Post by mathman » Mon Sep 16, 2013 6:53 pm

I appreciate your point. My strategy has always been - don't open anything you are not sure of.

Gmail, which is my main e-mail source, marks things as spam and does a very good job at it - don't open any of it.

Also, when I get a message saying I need a new version of something (Flash seems to be very popular), ignore it unless it comes from something reliable, such as Secunia or Cnet.

Oracle Java fails at security in new and creative ways

Post by mbrazil » Wed Sep 18, 2013 5:37 am

by Chester Wisniewski on September 17, 2013

Oracle Java, easily the most attacked and successfully exploited browser plugin, is on my radar again after finding new ways to fail at security.

http://nakedsecurity.sophos.com/2013/09 ... -418456853
