| |
|
01-12-2013, 03:18 PM
|
#1 |
|
synk-ism
Join Date: Nov 2003
Location: throughout the Wired
Posts: 6,857
|
"Stop using Java in the browser", warns Homeland Security.
EDIT/Point to Note: This has nothing to do with Javascript!
A security flaw in Java that allows for execution of malicious code has prompted for disabling Java in any/all web browsers. edit -- In case the articles may give the wrong impression, this doesn't mean simply running Java applets breaks your machine. While it's true that security-minded organizations and professionals haven't been happy with the idea of a run-time environment given all that freedom in a browser, typically the idea is that it is run in a sort of "sandbox" setting. Malicious code, however, is able to escalate the privileges allowed due to this weakness, potentially gaining root/admin access in the worst case. But that's kind of typical for malicious code that users download and run. Java is cross-platform, mind you, so its flaw is susceptible regardless of your computers' operating systems. Of course you can disable it easily in your browsers. Especially with the latest version. Note that this is not the end of Java, nor does it mean you should stop all interactions with Java. I rarely if ever do much on the web with Java applets, but I have worked with Tomcat and Java code on projects before. That kind of thing, of course, is fine -- it's not like writing a program or interface, etc. on your own development machine or in a company setting is going to somehow suddenly introduce malicious code. The vulnerability more or less originates where most of them do -- at the download, acceptance, and execution of malicious code by the user. As always, don't open attachments/emails you don't recognize or trust, don't follow download links you cannot verify, don't run into "bad" websites, and only run applets, scripts, and the like on sites you feel are trustworthy. All that said, Oracle is reported to be pushing a fix for this. It (Java updates for security) may become something to keep on top of more regularly, but Java is probably here to stay for a while. You may just not want to run it in your browsers anymore. As I mentioned, I very rarely come across applets in pages that I frequent or have a need for them, so I have Java disabled in browsers on my machines.
__________________
 Find love.
Last edited by synkr0nized; 01-12-2013 at 03:26 PM. |
|
|
|
01-15-2013, 04:57 PM
|
#2 |
|
synk-ism
Join Date: Nov 2003
Location: throughout the Wired
Posts: 6,857
|
in case anyone is actually reading this thread
So far, Oracle has released a minor update that changes the default security setting from Medium to High.
In effect, this forces a user to manually click to allow/run an applet. It doesn't really address the issue if a user still chooses to run an applet with malicious code. Arguably it's just adding an additional step between a user and getting owned by Java. So I'd still recommend disabling it unless you are really keen on Java applets.
__________________
Find love.
|
|
|
|
|
01-15-2013, 05:46 PM
|
#3 |
|
Not a Taco
Join Date: May 2005
Posts: 3,313
|
There is just little to say.
I'm reading it.
__________________
I did a lot of posting on here as a teenager, and I was pretty awful. Even after I learned, grew up, and came to be on the right side of a lot of important issues, I was still angry, abrasive, and generally increased the amount of hate in the world, in pretty unacceptable ways. On the off chance that someone is taking a trip down memory lane looking through those old threads, I wanted to devote my signature to say directly to you, I'm sorry. Thank you for letting me be better, NPF. |
|
|
|
 |
|
|
Linear Mode
