Thread: Java security flaw

  1. #1
    Senior Member flynnaus's Avatar
    Join Date
    May 2008
    Location
    Sydney
    Posts
    4,125

    Java security flaw

    This might belong in the CS RoastMonitor thread.

    "Computer users are being advised by security experts to disable Oracle's widely used Java software after a security flaw was discovered in the past day that they say hackers are exploiting to attack computers

    .....

    Security experts said the risk of attack is currently high because developers of several popular tools known as exploit kits that criminals use to attack PCs have added software that allows hackers to exploit the newly discovered bug in Java to attack computers"

    Read more:
    http://www.smh.com.au/it-pro/securit...111-2ckog.html

    As the CS Roast monitor software uses Java, not much point in disabling it but I don't need to use my roasting PC to connect to the net so I might disconnect until further notice.
    However, there are a zillion other websites that use the java plugin. Could it be a worry?

  2. #2
    Senior Member flynnaus's Avatar
    Join Date
    May 2008
    Location
    Sydney
    Posts
    4,125
    Update: Oracle, the company behind Java, said it would issue a fix Tuesday with "86 new security vulnerability fixes."

    Read more: Computers users being urged to disable Java in Web browsers over flaw - UPI.com
    Last edited by flynnaus; 12th January 2013 at 08:58 PM.

  3. #3
    Senior Member speleomike's Avatar
    Join Date
    Nov 2005
    Location
    Sydney
    Posts
    942
    Hi

    A better reference to read is here: AusCERT - ESB-2013.0067 - ALERT [Win][UNIX/Linux] Oracle Java: Execute arbitrary code/commands - Remote with user interaction
    To be exploited you would still need to be visiting a site that intentionally (or unintentionally as it had been hacked) was hosting software that used this exploit and you downloaded or ran an applet from there. You could do a lot of your normal browsing habits without being worried by this until patches come out. For now though disabling Java in your browser is sufficient. However it took me a good 10 mins to work out how, the average person ain't gonna do this :-) In the meantime continue to roast coffee with the CS Roast software. That will still be fine with Java in the browser disabled. Oh and Oracle knew about this problem back in October 2012.

    Mike
    Last edited by speleomike; 12th January 2013 at 11:01 PM.

  4. #4
    Senior Member flynnaus's Avatar
    Join Date
    May 2008
    Location
    Sydney
    Posts
    4,125
    Don't you mean 'more comprehensive'? I think the news reports I posted are simple to understand even if overly cautious
    (1) Be careful of Java
    (2) There is a new version of Java coming out on Tuesday

    I work for a major ISP and I never underestimate the propensity of Internet users to get themselves in trouble. However, users are generally much more savvy than when I started out as an ISP phone jockey in 1998.

    There are plenty of people who visit sites that expose them to the risks you mentioned (porn, pirated media downloads, so-called free software, etc). There are plenty of people who don't have the inclination, time or understanding to work out how vulnerable they are.

  5. #5
    Senior Member Yelta's Avatar
    Join Date
    Jun 2009
    Location
    Moonta SA.
    Posts
    7,029
    Morning Flynn, correct me if I'm wrong, I get the impression there is so much on a PC that runs/relies on Java that disabling it will just about kneecap your system.

  6. #6
    Senior Member
    Join Date
    Nov 2012
    Posts
    206

    Re: Java security flaw

    Quote Originally Posted by Yelta View Post
    Morning Flynn, correct me if I'm wrong, I get the impression there is so much on a PC that runs/relies on Java that disabling it will just about kneecap your system.
    No, that's not correct. Very few programs rely on Java these days, and even fewer websites. Java is not to be confused with JavaScript, which IS used widely on the Web, but is not affected by the same vulnerabilities.

    Most PCs run fine without Java. Of the six I have floating around here only one has Java installed, and only because it is running a program requiring Java (like the roast monitor?). I would suggest uninstalling Java. If you do have a program or site that requires Java, it will ask you to re-install it next time you run that application. :-)

  7. #7
    Senior Member flynnaus's Avatar
    Join Date
    May 2008
    Location
    Sydney
    Posts
    4,125
    Quote Originally Posted by fruity View Post
    No, that's not correct. Very few programs rely on Java these days, and even fewer websites.
    Probably a few more than you think eg QT, WMP and Flash movies.
    Anyway, just alerting the security warning for those who have Java installed to run the RoastMonitor. Speleomike is right that there probably isn't that much to worry about but if in doubt, disable the Java plugin for your browser and wait until Oracle release the patched version.

  8. #8
    Senior Member
    Join Date
    Nov 2012
    Posts
    206

    Java security flaw

    Quote Originally Posted by flynnaus View Post
    Probably a few more than you think eg QT, WMP and Flash movies.
    Anyway, just alerting the security warning for those who have Java installed to run the RoastMonitor. Speleomike is right that there probably isn't that much to worry about but if in doubt, disable the Java plugin for your browser and wait until Oracle release the patched version.
    No, they often use JavaScript, which is NOT Java. I'm sure you could use a Java applet to display video with QT/WMP/Flash, but it would be a horribly round-about way to do it!

    As I said, Java use on websites is decreasing, in favour of built-in functions like HTML5 or JavaScript. Try uninstalling it: I'd be surprised if you actually need it for any of your regular websites. Even server-side Java usage is quite low (4%) and that typically delivers Java functionality to end-users without requiring the Java runtime environment on the client machine (thus reducing the security risk).

  9. #9
    Senior Member Yelta's Avatar
    Join Date
    Jun 2009
    Location
    Moonta SA.
    Posts
    7,029
    Quote Originally Posted by fruity View Post
    Try uninstalling it: I'd be surprised if you actually need it for any of your regular websites.
    May just try that, notice it takes up 128mb of HD space, if it's not needed why leave it there?


