You All Might Want to Disable Java

 
Post new topic   Reply to topic    Tales Series Forum Index -> General Discussion
View previous topic :: View next topic  
Author Message
Flamfas



Joined: 15 Aug 2007
Posts: 10052
Location: slaying the backlog
PostPosted: Sun Jan 13, 2013 5:30 am    Post subject: You All Might Want to Disable Java Reply with quote
http://www.us-cert.gov/cas/techalerts/TA13-010A.html

until this issue can be fixed.
_________________
Gaming in 2013:
16 Games Beaten
8 Games Added to Library
Last Update: [beat] Pushmo

72 Unbeaten Games
Target: 75 Unbeaten Games
Back to top
View user's profile Send private message MSN Messenger
Sunny



Joined: 23 Aug 2005
Posts: 9745
PostPosted: Sun Jan 13, 2013 5:47 am    Post subject: Reply with quote
I DISABLED JAVA NOW I CAN'T USE YOUTUBE!!

HELP???!

On a serious note, what does it mean when they say that "an attacker could execute arbitrary code on a vulnerable system with the privileges of the Java plug-in process"?
_________________
Support XSEED | Listen to Falcom music | Do life the right way

It's not that I'm above the law. It's just that the law is beneath me.
Back to top
View user's profile Send private message Send e-mail
Flamfas



Joined: 15 Aug 2007
Posts: 10052
Location: slaying the backlog
PostPosted: Sun Jan 13, 2013 5:55 am    Post subject: Reply with quote
I think they mean, you could simply open a webpage, and if your Java plug-in was enabled, an attacker could use the vulnerability to gain access to your computer. Through nothing more than you opening the webpage. Which is a bit different than most virus type things, as they usually involve you being tricked into downloading or enabling something ...

I don't completely know for sure, but I think that's the case.
_________________
Gaming in 2013:
16 Games Beaten
8 Games Added to Library
Last Update: [beat] Pushmo

72 Unbeaten Games
Target: 75 Unbeaten Games

Last edited by Flamfas on Sun Jan 13, 2013 5:57 am; edited 1 time in total
Back to top
View user's profile Send private message MSN Messenger
Taiyz



Joined: 01 May 2004
Posts: 17893
Location: Canada, Yes, where assassins try to murder our Prime Minister with plastic knives from KFC!
PostPosted: Sun Jan 13, 2013 5:56 am    Post subject: Reply with quote
I use Java 6. Which is probably generally more vulnerable but whatever.
_________________

Dr Pepper.
It's an intellectual drink, for the chosen ones.
Back to top
View user's profile Send private message MSN Messenger
Drake



Joined: 09 Feb 2005
Posts: 12702
PostPosted: Sun Jan 13, 2013 7:18 am    Post subject: Reply with quote
The exploit for Java 7 appeared because they didn't fix things they needed to in 6. It's present, but is probably not as risky.

Flamfas, all you would need to do is open the webpage if the applet was present, since it's all about how the applet is loaded by the Java plugin. The plugin runs the Java environment that exists on your system, so if you can bypass access restrictions to the user's system you could potentially run Java code on their system rather than just locally on the webpage through the plugin like an applet normally does.

But this doesn't really mean any random site is going to have an attacking applet. Basically nowhere uses applets anymore to begin with so it does have to be pretty specific. In any case, mainly you want to disable the Java plugin if you're often on websites that might have a bunch of third-party ads and other embedded things, which might be exploitable.
_________________
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
Sânta Claus



Joined: 24 Dec 2012
Posts: 366
PostPosted: Sun Jan 13, 2013 3:27 pm    Post subject: Reply with quote
Sunny wrote:
I DISABLED JAVA NOW I CAN'T USE YOUTUBE!!

HELP???!

On a serious note, what does it mean when they say that "an attacker could execute arbitrary code on a vulnerable system with the privileges of the Java plug-in process"?
I didn't even read any of this

your signature

my god



it's beautiful
_________________

Don't bro me if you don't know me.
Back to top
View user's profile Send private message
Skythe



Joined: 17 Jan 2005
Posts: 11415
Location: The real battle is not of power, but of will.
PostPosted: Sun Jan 13, 2013 3:47 pm    Post subject: Reply with quote
thread derailer extraordinaire
_________________

[12/4/2009 10:59:17 PM] thingrue: skythe did you routinely huff paint thinner as a child
Back to top
View user's profile Send private message Visit poster's website
Sânta Claus



Joined: 24 Dec 2012
Posts: 366
PostPosted: Sun Jan 13, 2013 3:55 pm    Post subject: Reply with quote
do something about it
_________________

Don't bro me if you don't know me.
Back to top
View user's profile Send private message
Flamfas



Joined: 15 Aug 2007
Posts: 10052
Location: slaying the backlog
PostPosted: Sun Jan 13, 2013 5:14 pm    Post subject: Reply with quote
Figured Drake would stop by. Thanks!! Sounds like it's not too huge a vulnerability, but I am still keeping my java disabled for now.
_________________
Gaming in 2013:
16 Games Beaten
8 Games Added to Library
Last Update: [beat] Pushmo

72 Unbeaten Games
Target: 75 Unbeaten Games
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Tales Series Forum Index -> General Discussion All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




Powered by phpBB © 2001, 2005 phpBB Group