Windows 7 Forums


Windows 7: New Java Exploit Fetches $5,000 Per Buyer; Krebs on Security


16 Jan 2013   #1

7 Pro x64 SP1, XP SP3 VM
 
 
New Java Exploit Fetches $5,000 Per Buyer; Krebs on Security

New Java Exploit Fetches $5,000 Per Buyer — Krebs on Security

Quote:
Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java, KrebsOnSecurity has learned.

On Sunday, Oracle rushed out a fix for a critical bug in Java that had been folded into exploit kits, crimeware made to automate the exploitation of computers via Web browser vulnerabilities. On Monday, an administrator of an exclusive cybercrime forum posted a message saying he was selling a new Java 0day to a lucky two buyers. The cost: starting at $5,000 each.

The hacker forum admin’s message, portions of which are excerpted below, promised weaponized and source code versions of the exploit. This seller also said his Java 0day — in the latest version of Java (Java 7 Update 11) — was not yet part of any exploit kits, including the Cool Exploit Kit I wrote about last week that rents for $10,000 per month.

Is Oracle neglecting the consumer users it inherited from Sun? | Security - InfoWorld

Quote:
Though the purported new zero-day exploit has yet to be officially confirmed, it's certainly plausible. First, per Krebs: "I don't have the exploit or the source code or anything. That said, this was a sales thread posted by an administrator of this exclusive crime forum. It would be somewhat rare and ill-advised for a person in such a position to try to scam forum members, especially for just $5k."

Second, a critique of the latest Java patch by the OpenJDK community found that "while Oracle's quick fix appears to have broken the exploit chain ... building another chain could be possible -- and may already have happened within the shadows of the black-hat cracker community."




16 Jan 2013   #2

Windows 7 Home Premium x64
 
 

Java will be belly up one of these days. Just recently had to reinstall it..... but keep it disabled.
16 Jan 2013   #3

Windows 7 Pro. 64/SP-1
 
 

Is it just me or does it seem like ever since Oracle bought Sun Micro Java it has been exploited with revenge?


16 Jan 2013   #4

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
The "Fun" Never Ends

Java is a disaster (like Flash).

People "paid me out" (a couple of years ago) when I called Java, "a dirty, disease-carrying, piece of garbage."
17 Jan 2013   #5

7 Pro x64 SP1, XP SP3 VM
 
 

Quote: Originally Posted by Layback Bear
Is it just me or does it seem like ever since Oracle bought Sun Micro Java it has been exploited with revenge?

Same thought occurred to me.
17 Jan 2013   #6

Windows 7 Pro. 64/SP-1
 
 

Unhappy ex-employees
18 Jan 2013   #7

Windows 7 Home Premium 64 bit. (On both machines)
 
 

The questions I would like to ask are these: -

Do we need Java?

What are the alternatives?
19 Jan 2013   #8

7 Pro x64 SP1, XP SP3 VM
 
 
And the beat goes on...

Researchers find critical vulnerabilities in Java 7 Update 11 | Security - InfoWorld

Quote:
Researchers from Security Explorations, a Poland-based vulnerability research firm, claim to have found two new vulnerabilities in Java 7 Update 11 that can be exploited to bypass the software's security sandbox and execute arbitrary code on computers.

Oracle released Java 7 Update 11 last Sunday as an emergency security update in order to block a zero-day exploit used by cybercriminals to infect computers with malware.

Security Explorations successfully confirmed that a complete Java security sandbox bypass can still be achieved under Java 7 Update 11 (JRE version 1.7.0_11-b21) by exploiting two new vulnerabilities discovered by the company's researchers, Adam Gowdiak, the company's founder, said Friday in a message sent to the Full Disclosure mailing list. The vulnerabilities were reported to Oracle on Friday, together with working proof-of-concept exploit code, he said.

According to Security Explorations' disclosure policy, technical details about the vulnerabilities will not be publicly disclosed until the vendor issues a patch.
21 Jan 2013   #9
4wd

W8+8.1, W7 ult+hp, XP
 
 

From the continuing stream of Java scares, history seems to point towards there never coming a time when it's completely safe (even for shorter periods!).

F.ex., banks + many government websites here do all their authenticating using Java, so it's not an option to uninstall it completely.

Solution is to use several browsers, disable Java in the day-to-day browser (mainly FF w. security add-ons here), + a dedicated Java-enabled browser (IE here) used exclusively to access the sites where Java is mandatory.