MichaelWeston Posted February 8, 2013 Report Share Posted February 8, 2013 govt told me not to use it. Can I use it yet? Link to comment Share on other sites More sharing options...
|Numbers| Posted February 8, 2013 Report Share Posted February 8, 2013 [quote name='MichaelWeston' timestamp='1360333662' post='1213512'] govt told me not to use it. Can I use it yet? [/quote] If they told you not to use it, am I assuming you are not the one performing updates ? The answer is not definite because updates, restriction, and or disabling are required before using. According to CERT the solutions are as follows; [url="http://www.kb.cert.org/vuls/id/858729"]http://www.kb.cert.org/vuls/id/858729[/url] Solution Apply an update These issues are addressed in Java 7 Update 13 and Java 6 Update 39. Please see the Oracle Java SE Critical Patch Update Advisory - February 2013 for more details. Disable Java in web browsers Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. Please see the Java documentation for more details. System administrators wishing to deploy Java 7 Update 10 or later with the "Enable Java content in the browser" feature disabled can invoke the Java installer with the WEB_JAVA=0 command-line option. More details are available in the Java documentation. Restrict access to Java applets Network administrators unable to disable Java in web browsers may be able to help mitigate this and other Java vulnerabilities by restricting access to Java applets. This may be accomplished by using proxy server rules, for example. Blocking or whitelisting web requests to .jar and .class files can help to prevent Java from being used by untrusted sources. Filtering requests that contain a Java User-Agent header may also be effective. For example, this technique can be used in environments where Java is required on the local intranet. The proxy can be configured to allow Java requests locally, but block them when the destination is a site on the internet. Link to comment Share on other sites More sharing options...
|Numbers| Posted February 8, 2013 Report Share Posted February 8, 2013 [url="http://www.us-cert.gov/cas/techalerts/TA13-032A.html"]http://www.us-cert.gov/cas/techalerts/TA13-032A.html[/url] Systems Affected Any system using Oracle Java including •JDK and JRE 7 Update 11 and earlier •JDK and JRE 6 Update 38 and earlier •JDK and JRE 5.0 Update 38 and earlier •SDK and JRE 1.4.2_40 and earlier •JavaFX 2.2.4 and earlier •Java 1.6.0_37 and earlier for Mac OS X and OS X Server 10.6.8 Web browsers using the Java plug-in are at high risk Link to comment Share on other sites More sharing options...
|Elflocko| Posted February 8, 2013 Report Share Posted February 8, 2013 My advice is if you don't absolutely need it, uninstall it completely. If you do have to use it (as I do for work), then update it whenever it's available and check for a new version every day... Link to comment Share on other sites More sharing options...
MichaelWeston Posted February 8, 2013 Author Report Share Posted February 8, 2013 The government told everyone to turn it off. Thanks for the help guys. Link to comment Share on other sites More sharing options...
|Elflocko| Posted February 9, 2013 Report Share Posted February 9, 2013 [url="http://www.idgconnect.com/blog-abstract/742/rob-cheng-global-malware-storm"]This article[/url] articulates the issue well; the big problem now is that the worms and viruses have become polymorphic... Link to comment Share on other sites More sharing options...
Tigris Posted February 12, 2013 Report Share Posted February 12, 2013 I was reading about the creator of Java. Sounds like he got hosed. Anyone know the short version story of this? Link to comment Share on other sites More sharing options...
|Elflocko| Posted March 3, 2013 Report Share Posted March 3, 2013 And again. I can't help but believe that the hackers wouldn't be exploiting Java this earnestly if not for it being owned by Darth Ellison... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.