Java Update to kill the BEAST

[Phone Man]

Oracle updates Java to stop SSL-chewing BEAST • The Register

Short for Browser Exploit Against SSL/TLS, BEAST was first demonstrated late last month at a security conference in Argentina, where researchers Juliano Rizzo and Thai Duong used the attack to recover an encrypted authentication cookie used to access a PayPal user account in less than two minutes. Oracle has more about the Java update here.

A Java exploit was used to gain access to your system and then they could intercept your SSL packets.

Jim

 

[mindinka]

Java? Not again...

This is the reason I am not installing Java on my machine...

 

[xxxdannyxxx]

this is the reason i am not installing java on my machine...

 

[Athene]

Same over here - no more OracleJava on my machines either

 

[marsmimar]

 

[Hopalong X]

I put this system together in August, 2010.

Never installed JAVA. Never will.
I also have not needed it.

 

[seavixen32]

I've never installed Java either and my system isn't complaining about it.

 

[Corrine]

mindinka; xxxdannyxxx; Athene; marsmimar; Hopalong X; and seavixen32 --

I don't want to abuse the rep system by giving each of you rep for your wise decision. So, instead, a big thumbs up!

As I wrote in a recent blog article, when it comes to Oracle Java JRE, you may have it installed on your computer but might not even need it. Following are reasons why someone may need Oracle Sun Java installed on their computer:

• Playing on-line games generally requires Java.
• With OpenOffice, Java is needed for the items listed here .
• It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over.
• There may be commercial programs that depend on Java. If Java is needed for a software installed on your computer, there should be a prompt for it.

If the above does not apply to you, consider uninstalling Java. In the event you discover that it is needed, you can always download the most recent version.

​

 

[seavixen32]

Thanks for your support, Corrine. It's much appreciated.

 

[Hopalong X]

Thanks Corrine.
No rep expected.

I posted for others to read as most have.

Of course you covered the topic more eloquently!

 

[Phone Man]

Although I have not had Java on my systems for the past 6 Months I started this thread to inform those that use it to be sure and get it updated. Now if I could just do without Flash I would have a safer system.

Jim

 

[seavixen32]

Although I have not had Java on my systems for the past 6 Months I started this thread to inform those that use it to be sure and get it updated. Now if I could just do without Flash I would have a safer system.

Jim

Couldn't agree more.

 

[mindinka]

Thanks

Hi Corrine!
Thanks is good enough, and thank you...

 

[Corrine]

Finally the developers of Java get it: Alert: Java’s Forward-Compatibility Promise Has Been Revised - Microsoft's USGCB Tech Blog - Site Home - TechNet Blogs

Should you continue to use older versions of Java, or even have them installed on your systems? Probably not – the risk is obviously high. Oracle (which acquired Sun Microsystems and Java) specifically recommends that you do not. Says Oracle:

We highly recommend users remove all older versions of Java from your system.
Keeping old and unsupported versions of Java on your system presents a serious security risk.
​

MowGreen began the campaign in 2005 attempting to convince Sun Microsystems (then the owner of Java before Oracle's purchase) to change the Java auto-updater to uninstall previous (vulnerable) versions of the program. At that time, the current version was Java JRE 5.0 Update 5.

Three years later, with JRE SE 6u11, the update mechanism for Java was finally changed to remove the previous install. However, it did not remove installations prior to update 10.

 

[Corazon]

Wow. Good thing I never trust auto-updates (except to check for new versions, but not auto-install them).

 

[DBone]

As others have said, and as my sig says, java is not needed, and is becoming more so as each day passes.

 

[Corazon]

I only have Java on my laptop because from time to time I use an app called Your Freedom which runs in Java. Practically never use it in Firefox, though.