Security experts on Java: Fixing zero-day exploit could take 'two years'

Borg 386

And it just keeps getting better & better.....

The problem was severe enough for the firm to release an emergency patch -- Java 7 Update 11 -- over the weekend. However, security experts have warned that the changes do not go far enough.

Security researcher Adam Gowdiak from Security Explorations has been keeping an eye on the software flaws in Java over the past year. Once Gowdiak analyzed the latest update to Java, he found that the patch still leaves a number of "critical security flaws," according to Reuters. This statement, mirrored by AlienVault Labs' Jaime Blasco who branded Oracle's offering as a "mess," was later reinforced by the firm's recommendation against using the software.

"We don't dare to tell users that it's safe to enable Java again," Gowdiak commented.
Security experts on Java: Fixing zero-day exploit could take 'two years' | ZDNet

Zero-Day paranoia and the reality of modern web browsing | ZDNet

From my understanding of the exploit in question, it uses a weakness inherent in the Java VM that allows remote code execution of malicious software.

What does that mean, exactly?

Well, it means that if you have Java installed on your machine, and you have the plugin for Java web start apps enabled in your browser, that means that a piece of bytecode (software loaded from a website that uses Java) that is executed from within the Java VM installed on your PC can call outside of its supposedly sandboxed environment to your operating system and execute a "payload".

This payload is presumably software that the hacker has managed to get onto your computer through social engineering or even through the Java plugin itself.

In other words, by visiting these illicit sites, you put the software on your computer that the hacker can now command to steal your information, monitor your keystrokes, et cetera.
 

Yep, just found this one, Borg. Looks pretty grim for Java / Oracle, eh?
 

Yepperz. Considering that there are some sites/programs that just won't work without Java, it's looking pretty bad.

For instance, I'm running OpenOffice & that requires it. If I turn off the scripting when I go to my school site, I can't see 1/2 the stuff OR take my online tests.....:mad:

I'm really hoping the experts are wrong on this & Oracle kicks its butt into high gear to fix this....
 

Yes siree, that is another way to really screw your world up, patch from hell.
 

I mentioned over on the VF that at work, I have a site that I have to go to every day to put in shipping info for a particular company.
Their site is entirely Java. Slow, crashes, and now this crap.
Maybe this will help them get their head out of their rear and do something different.
They are a well known company (if you're old enough, think "we bring good things to life"), and I can't see why they have such a crap site for their incoming shipments.
 

What about antiviruses to stop the bad guys, firewalls to prevent a virus from calling home, UAC to prevent it from touching system areas, low integrity to prevent it from touching anything user-related, and most important what about common sense?

I think those articles are just alarming people more than they should. Really, anyone with a serious enough security configuration can probably be reasonably safe. I'm not saying that there are no flaws, every program has its backholes and internet-facing ones are particularly dangerous, but from there to hurrying everyone to blow up their Java installs for a security vulnerability that probably existed since many years ago seems too much to me. Take caution, yes, but don't become paranoid.
 

Yepperz. Considering that there are some sites/programs that just won't work without Java, it's looking pretty bad.

For instance, I'm running OpenOffice & that requires it. If I turn off the scripting when I go to my school site, I can't see 1/2 the stuff OR take my online tests.....:mad:

I'm really hoping the experts are wrong on this & Oracle kicks its butt into high gear to fix this....

I've only played with OpenOffice and LibreOffice, but can't you disable the Java requirement by going into Tools>Options? The features disabled may not be important to you.

Separate to the above:
I forgot that I had a Java app that I use from time to time so I'm looking at the Java to exe convert tools.
 

Reading about the Java7 update11 patch yesterday, it amounts to only changing the given surfing website from Medium to High security. Oracle surmises a malicious java script will have to ask the user permission to run. Not much of a fix to me.
Ever since Oracle bought Sun, java support from them is lousy. Keep java browser disabled when possible until a "more true" fix is available. Until the next java problem. No Script extension for Firefox can help with toggling off for particular websites. IMHO
 

I'm wondering why it is taking so long to fix this Java problem. Some say it might take months or even years; why
 

I think for the people asking whether their anti virus / malware software would block these Java exploits, the answer is No. Your particular AV / malware solution MIGHT pick it up after infection. Maybe. Just be cautious using Java on websites.
 

Why not just remove all Java?
 

I really do not understand why there is not an alternative for it as there is for most everything else!
 

Java has been around a few years. It has become so accepted over time that it is used in a lot if not most websites we visit that have any complexity. There are alternatives. But they will take time for websites to implement. This is something that will be fixed eventually. For a while until the next problem. Then repeat the cycle.
The media would have you believe this is the end. It is just another software problem to fix and maintain. A very long list of those the last 10 years.
 

With the size of Oracle, one would think that the amount of staff that they would have would be able to resolve this issue quickly and conveniently.
 

Thanks, Jacee.

I disabled it as in the link you supplied. I had already disabled it in add-ons as I have FF as my main browser. I never open IE.
 

Another option, if you need Java to run a certain site, is to add Quick Java to Firefox. I, unfortunately, need Java in order to see everything on the school's website...including online tests.

https://addons.mozilla.org/en-US/firefox/addon/quickjava/?src=search

Allows quick enable and disable of Java, Javascript, Cookies, Image Animations, Flash, Silverlight, Images, Stylesheets and Proxy from the Statusbar and/or Toolbar.
I found this add on a real time saver as you don't have to go digging through the options every time you want to enable/disable it.

I do agree with what you're saying bdstx4. With all the negative publicity about this, I can't see Oracle taking 2 years to fix this....well, let's hope not....
 
January 13, Krebs on Security – (International) Oracle ships critical security update for Java. Oracle released an update for Java to fix the recent critical vulnerability that allowed malware to exploit computers running the program. The update also increases the default security settings for running Java applications from ‘medium’ to ‘high.’ Source: Oracle Ships Critical Security Update for Java — Krebs on Security
 

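Added example (not part of any post in this thread, and not Oracle's code): several posts above mention that Java 7 Update 11 raises the default security level from Medium to High and that the browser plug-in can be switched off. The sketch below audits the text of a user's Java `deployment.properties` file for those two settings. It assumes the keys `deployment.security.level` and `deployment.webjava.enabled`, and that a missing `deployment.webjava.enabled` key means the plug-in is enabled; the function names and sample file contents are constructed for illustration.

```python
import re

# Security levels from the Java Control Panel slider, least to most strict.
LEVELS = ["LOW", "MEDIUM", "HIGH", "VERY_HIGH"]


def parse_properties(text):
    """Parse the plain key=value subset of the Java .properties format."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        # Key and value are separated by '=', ':' or whitespace.
        parts = re.split(r"\s*[=:]\s*|\s+", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) > 1 else ""
    return props


def audit(text):
    """Report browser plug-in state and security level for one user profile."""
    props = parse_properties(text)
    # Assumption: a missing deployment.webjava.enabled key means enabled.
    enabled = props.get("deployment.webjava.enabled", "true").lower() != "false"
    level = props.get("deployment.security.level", "").upper() or None
    findings = []
    if not enabled:
        findings.append("OK: Java content in the browser is disabled")
    else:
        findings.append("WARN: Java content in the browser is enabled")
        if level is None:
            findings.append("INFO: no explicit level, the installed update's default applies")
        elif level not in LEVELS:
            findings.append(f"WARN: unrecognised security level {level}")
        elif LEVELS.index(level) < LEVELS.index("HIGH"):
            findings.append(f"WARN: security level {level} is below HIGH")
        else:
            findings.append(f"OK: security level is {level}")
    return {"plugin_enabled": enabled, "level": level, "findings": findings}


# Constructed sample files, not taken from any real machine.
SAMPLE_MEDIUM = "#deployment.properties\ndeployment.security.level=MEDIUM\n"
SAMPLE_HIGH = "# slider at High\ndeployment.security.level = HIGH\n"
SAMPLE_DISABLED = "deployment.webjava.enabled=false\ndeployment.security.level=MEDIUM\n"

if __name__ == "__main__":
    for name, sample in [("medium", SAMPLE_MEDIUM), ("high", SAMPLE_HIGH),
                         ("disabled", SAMPLE_DISABLED)]:
        print(name, audit(sample)["findings"])
```

A High level only adds a prompt before unsigned content runs, so the audit still warns whenever the plug-in is enabled.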