HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » Latest Breaking News (Forum) » Kill that Java plugin now...

Thu Jan 10, 2013, 06:06 PM

Kill that Java plugin now! New 0-day exploit running wild online

Source: The Register

A new Java zero-day security vulnerability is already being actively exploited to compromise PCs. The best way to defend against the attacks is to disable any Java browser plugins on your systems.

The offending bug is present in fully patched and up-to-date installations of the Java platform, now overseen by database giant Oracle, according to Jaime Blasco, head of labs at security tools firm AlienVault.

"The exploit is the same as the zero-day vulnerabilities we have been seeing in the past year in IE, Java and Flash," Blasco warned.

"The hacker can virtually own your computer if you visit a malicious link thanks to this new vulnerability. At the moment, there is no patch for this vulnerability, so the only way to protect yourself is by disabling Java."

Read more: http://www.theregister.co.uk/2013/01/10/java_0day/



I suspect as java is largely OS agnostic, so is the exploit...

67 replies, 8859 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 67 replies Author Time Post
Reply Kill that Java plugin now! New 0-day exploit running wild online (Original post)
Bosonic Jan 2013 OP
99th_Monkey Jan 2013 #1
Bosonic Jan 2013 #2
Voice for Peace Jan 2013 #4
Bosonic Jan 2013 #6
Voice for Peace Jan 2013 #24
KareBear Jan 2013 #47
Voice for Peace Jan 2013 #64
FreeBC Jan 2013 #3
William Seger Jan 2013 #23
enlightenment Jan 2013 #5
muriel_volestrangler Jan 2013 #8
enlightenment Jan 2013 #16
cbrer Jan 2013 #7
pscot Jan 2013 #9
Xithras Jan 2013 #48
CountAllVotes Jan 2013 #54
pscot Jan 2013 #59
Earth Bound Misfit Jan 2013 #67
MynameisBlarney Jan 2013 #10
sendero Jan 2013 #11
Jim Lane Jan 2013 #13
RebelOne Jan 2013 #19
Jim Lane Jan 2013 #20
Turborama Jan 2013 #21
defacto7 Jan 2013 #26
Squinch Jan 2013 #12
marble falls Jan 2013 #14
pam4water Jan 2013 #15
FreeBC Jan 2013 #17
kestrel91316 Jan 2013 #18
Ratty Jan 2013 #22
kestrel91316 Jan 2013 #55
defacto7 Jan 2013 #27
RebelOne Jan 2013 #53
kestrel91316 Jan 2013 #56
RebelOne Jan 2013 #65
SCVDem Jan 2013 #25
defacto7 Jan 2013 #28
freeplessinseattle Jan 2013 #29
left on green only Jan 2013 #30
66 dmhlt Jan 2013 #31
left on green only Jan 2013 #36
dixiegrrrrl Jan 2013 #40
Coyotl Jan 2013 #33
left on green only Jan 2013 #35
dixiegrrrrl Jan 2013 #41
steve2470 Jan 2013 #32
MineralMan Jan 2013 #34
DeschutesRiver Jan 2013 #50
bananas Jan 2013 #62
DeschutesRiver Jan 2013 #63
Bosonic Jan 2013 #37
ellenfl Jan 2013 #38
Bosonic Jan 2013 #39
dixiegrrrrl Jan 2013 #42
Bosonic Jan 2013 #43
dixiegrrrrl Jan 2013 #49
meow2u3 Jan 2013 #45
RainDog Jan 2013 #44
Xithras Jan 2013 #46
CountAllVotes Jan 2013 #52
DeschutesRiver Jan 2013 #57
and-justice-for-all Jan 2013 #60
CountAllVotes Jan 2013 #51
nc4bo Jan 2013 #58
AverageJoe90 Jan 2013 #61
Eugene Jan 2013 #66

Response to Bosonic (Original post)

Thu Jan 10, 2013, 06:10 PM

1. This says "PCs". Does that include Macs too, or not? ~nt

Reply to this post

Back to top Alert abuse Link here Permalink


Response to 99th_Monkey (Reply #1)

Thu Jan 10, 2013, 06:12 PM

2. very probably

from Experts urge PC users to disable Java, cite security flaw

...
"Moore said machines running on Mac OS X, Linux or Windows all appear to be vulnerable to attack."
...

http://www.reuters.com/article/2013/01/10/us-java-security-idUSBRE90919X20130110

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Reply #2)

Thu Jan 10, 2013, 06:15 PM

4. how do you disable java

??

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Voice for Peace (Reply #4)

Thu Jan 10, 2013, 06:17 PM

6. There's a link at the bottom of the article

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Reply #6)

Thu Jan 10, 2013, 09:05 PM

24. ok thanks - it doesn't mention Macs -- but under my Firefox preferences for content

there's an option to enable Java or not.. we'll see

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Voice for Peace (Reply #24)

Fri Jan 11, 2013, 05:15 PM

47. Apple Blocks Java 7 Plug-in on OS X to Address Widespread Security Threat

Reply to this post

Back to top Alert abuse Link here Permalink


Response to KareBear (Reply #47)

Sat Jan 12, 2013, 01:55 AM

64. ooh goody, thanks

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Thu Jan 10, 2013, 06:12 PM

3. Um, aren't there ALWAYS zero day viruses out there?

 

What's the difference here?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to FreeBC (Reply #3)

Thu Jan 10, 2013, 08:23 PM

23. Yes

"Zero day" just means that it's new, so there's no patch yet.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Thu Jan 10, 2013, 06:15 PM

5. All the links on the Register article

go to articles posted in August of 2012.

Is this new? If so, why are all the links going to old information?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to enlightenment (Reply #5)

Thu Jan 10, 2013, 06:31 PM

8. It's a new version of an old problem

Reply to this post

Back to top Alert abuse Link here Permalink


Response to muriel_volestrangler (Reply #8)

Thu Jan 10, 2013, 07:28 PM

16. Ah. Thanks.

B*gger. Our LMS (online course provider) requires Java to operate and the semester starts in a week and a half (and of course my classes are far from ready to launch).

Guess I need to actually start using NoScript in a serious way.

I have the flu. I do not want to deal with this right now.
*whinge, moan, complain*

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Thu Jan 10, 2013, 06:28 PM

7. 'Preciate the heads up. nt

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Thu Jan 10, 2013, 06:55 PM

9. What can this actually DO to my PC?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to pscot (Reply #9)

Fri Jan 11, 2013, 05:18 PM

48. Right now it's being used to distribute the Reveton malware.

Reveton has been around a while, and it's more of a pain in the ass than a real danger. Basically, it locks your computer up tight, prevents you from accessing your files, and pastes a nasty message on screen that prevents you from clicking or opening anything. The message usually carries some variant of a message claiming that your PC has child pornography, pirated files, or something like that on it. It tells you that you've been fined a small amount (usually a few hundred dollars), and that if you wire your "fine" to the FBI, they'll send you an unlock code to give you access to your computer again. Luckily, most newbie techs can remove it in about 30 minutes anyway.

It goes without saying that the money doesn't go to the FBI, and you'll never get that unlock code.

Reveton itself doesn't pull your data or invade your privacy, but simply tries to scam you out of money. Thing is, Reveton COULD easily do anything it wanted, as it ends up controlling your system. It doesn't do so simply because that's not the scam they're running. If they change the scam, or if another outfit uses the exploit for something else, the your personal privacy can go out the window in a heartbeat. That's why it's a danger.

By the way, what this article DOESN'T mention is that Reveton is primarily distributed through shady eastern European porn sites. They'll put up a "free gallery" site, link it into a western Gallery Post site (basically, sites where other porn sites advertise themselves to get traffic) and lure unsuspecting clickers in (a browser can't tell the difference between an American and Russian .com site). Someone comes in, looks at an image or two, and the virus installs itself and locks the computer down.

If you don't browse random free porn sites and don't click anonymous links in emails, the odds of you getting this virus are actually very low.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Xithras (Reply #48)

Fri Jan 11, 2013, 06:19 PM

54. I don't browse random free porno sites etc.

But damn, my ThinkPad has this on it.

I'm on my desktop now and it is ok however.

BUT, I'm screwed as I use the ThinkPad 99% of the time.

Ran SuperAntiSpyware, now got a virus check going, have cleared caches, etc.

ThinkPad is major messed up. Why? I don't know.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Xithras (Reply #48)

Fri Jan 11, 2013, 08:56 PM

59. Thanks for responding

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Xithras (Reply #48)

Sun Jan 13, 2013, 09:31 AM

67. Great post, ty!

FYI if you're interested: a detailed analysis of this latest exploit:

http://joe4security.blogspot.com/
http://www.joesecurity.org/reports/report-237f8ffc0c24191c5bb7bd9099802ee4.html


This is actually 2 bugs in 1 (http://www.kb.cert.org/vuls/id/625617)
The miscreants found a way around the previous Oracle "patch" (October '12) of a bug reported in Aug '12:
http://www.kb.cert.org/vuls/id/636312#solution

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Thu Jan 10, 2013, 06:59 PM

10. Thank you!

Luckily, mine is disabled.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Thu Jan 10, 2013, 07:00 PM

11. Like most articles of this ilk..

.... it does not discuss the implications of turning off Java, it acts like it is like turning off a toaster.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to sendero (Reply #11)

Thu Jan 10, 2013, 07:12 PM

13. Good point. What ARE the implications of turning off Java?

Does it mean that some of my programs will fail to run? which ones? Can I still use a browser to read email and surf DU?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Jim Lane (Reply #13)

Thu Jan 10, 2013, 07:40 PM

19. There are a lot of game you need Java for.

I am reluctant to turn off my Java because I play many games on Pogo.com that require Java.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to RebelOne (Reply #19)

Thu Jan 10, 2013, 07:48 PM

20. But that would apply only to games you access through a browser, right?

If you download and install the game's own software, and play the game by clicking on the resulting icon on your desktop, then I'm guessing you're safe (unless the game's developers are crooked or incompetent). I ask because I play such a game.

Alas, I'm only guessing here. I'd welcome clarification from someone who actually knows this area.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Jim Lane (Reply #13)

Thu Jan 10, 2013, 07:53 PM

21. If I turn off Java on my phone some of the tabs on DU don't work

So DU does lose some of it's functionality.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Jim Lane (Reply #13)

Thu Jan 10, 2013, 09:25 PM

26. Many sites run java applications and plugins.

You may not be able to see some videos, some sites will be skewed a bit, others will not allow you to make comments or use buttons. It just depends on the site. A lot of comment, news and blogging sites are full of java.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Thu Jan 10, 2013, 07:03 PM

12. Thank you for this.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Thu Jan 10, 2013, 07:16 PM

14. One more reason we geezers have a love hate think with these internet machines. I keep ....

my virus/malware protections upgraded. I also know that I need Java. I am a computer truck driver. I know what a super charger is and does but I cannot tear one down. Compound that with dyslexia. I would rather contact Oracle and download a patch. Is this possible yet?

I wondered why I got an extra jelping of phishing junk mail today. Thanks and help.......

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Thu Jan 10, 2013, 07:23 PM

15. I'd go with getting the noscripts plug-in for firefox and not clicking on any unknown links.

Until the security hole gets patched. It looks like you have to click on a malicious link before you can get affected.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to pam4water (Reply #15)

Thu Jan 10, 2013, 07:28 PM

17. that's what I do, but it's too complicated for normals.

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Thu Jan 10, 2013, 07:35 PM

18. Why do I even NEED Java on my computer?? What does it actually do for me??

Reply to this post

Back to top Alert abuse Link here Permalink


Response to kestrel91316 (Reply #18)

Thu Jan 10, 2013, 08:16 PM

22. Almost certainly nothing

I'm a java programmer and I've had java turned off in my browsers for years. I have never missed it. Couple that with the fact that nowdays when you try and update Java, Oracle tries to cram new toolbars and crapware onto your machine. No thank you.

It started with the fact that Java was annoying. A lot of web sites started using it for distracting animated ads (the same reason I use flashblock nowdays). I turned it off as an experiment and was delighted to discover I never missed it.

Seriously. Turn it off, don't worry about it. You won't miss it.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Ratty (Reply #22)

Fri Jan 11, 2013, 07:31 PM

55. I did. And because I can't remember even a day later how I did it, I can't turn it back on.

That's a WIN for declining short-term memory.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to kestrel91316 (Reply #18)

Thu Jan 10, 2013, 09:30 PM

27. I'm all for turning it off but,

there a lot of stuff on sites that don't work without it. One good thing is that turning it off stops the hated quantserve hangs. Ad software use java applets and most info seeking pests.

I turn it on and off all the time... (Firefox)

Reply to this post

Back to top Alert abuse Link here Permalink


Response to kestrel91316 (Reply #18)

Fri Jan 11, 2013, 06:14 PM

53. If you play games on different sites, you need Java. n/t

Reply to this post

Back to top Alert abuse Link here Permalink


Response to RebelOne (Reply #53)

Fri Jan 11, 2013, 07:32 PM

56. I don't. I only play the mahjongg that came with Windows 7.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to kestrel91316 (Reply #56)

Sat Jan 12, 2013, 12:24 PM

65. I play at only one game site and some of the games cannot be played without Java. n/t

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Thu Jan 10, 2013, 09:06 PM

25. There is nothing in this post

which has a shred of credibility.

No links or attribution.

Sounds like Fox and a fear campaign!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to SCVDem (Reply #25)

Thu Jan 10, 2013, 09:33 PM

28. Except for the one above.

post #8

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Thu Jan 10, 2013, 10:14 PM

29. I just had to reinstall Windows the other day

My pc had been acting funny and even just shutting off with some pics and animation, and I tried all kinds of diagnostics but no answer. Reinstalling adobe didn't help, either, now I know why, and when I reinstalled windows it took 5 frickin' tries-kept shutting off right when it went from "preparing installion" to "installing".

Fortunately I can read DU from my phone, or I would have really been tearing my hair out.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Thu Jan 10, 2013, 10:51 PM

30. Information help, Please

Today I received an Adobe Reader Update notification prompting me to click on and install update 10.1.4. Does anyone know if this update in any way relates to the Java issue? Many thanks in advance for enlightening me.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to left on green only (Reply #30)

Fri Jan 11, 2013, 11:06 AM

31. No relation at all ...

Reply to this post

Back to top Alert abuse Link here Permalink


Response to 66 dmhlt (Reply #31)

Fri Jan 11, 2013, 01:31 PM

36. Many thanks for your turning me on to something that is better

Reply to this post

Back to top Alert abuse Link here Permalink


Response to 66 dmhlt (Reply #31)

Fri Jan 11, 2013, 02:45 PM

40. FWIW...the free Calibre program has a great reader in it, too.

And my Linux default opens pdf via Document reader.
So I am able to by pass Adobe most of the time.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to left on green only (Reply #30)

Fri Jan 11, 2013, 12:54 PM

33. There is a malware posing as an Adobe reader update.

I'm in the habit of not using pop-up windows to update anything. My preference require a prompt for some updates, but I go to the domains directly when I do it manually.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Coyotl (Reply #33)

Fri Jan 11, 2013, 01:29 PM

35. Many thanks for your thoughtful information

As it turned out, your exact thought had occurred to me on my own, almost immediately after I clicked on the "Adobe" pop-up window. So very soon afterwards, I went and used the "revert computer back to an earlier time" function and back tracked by one day. Immediately after I did that, the Adobe update icon appeared again in my bottom tray. So I am guessing that my reversal was a success.

You'd think I would have learned by now. All of a sudden I remembered back to a while ago when I began receiving a ton of pop up windows from Yahoo (whose mail service I use) telling me to click on their pop-up to download the latest "update" from Firefox. At that time, it occurred to me to ask myself, "Why is Yahoo repeatedly sending me pop-ups to download an improvement for the software of someone else?" So I went right to the Firefox site and verified that I was already running the latest version of their software.

My conclusion was that Yahoo was trying to fool me into downloading something that would permit them to cram more of their frigging advertising down my throat.

From now on, I will never download a software update again, unless it comes directly from the internet site of the owner of that software.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to left on green only (Reply #35)

Fri Jan 11, 2013, 02:58 PM

41. Major reason I disable pop up windows in my browsers.

I can choose to enable the pop up if I really need it, rarely have to tho.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Fri Jan 11, 2013, 11:15 AM

32. Experts advice disabling of Java browser plugin

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Fri Jan 11, 2013, 01:05 PM

34. On DU, disabling Java will stop

the display of the reply post title list when you click the "Replies to me" numbers in My Posts. I haven't found anything else that doesn't work, yet, after disabling it in Chrome.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to MineralMan (Reply #34)

Fri Jan 11, 2013, 05:20 PM

50. I disabled it in FoxFire, and wasn't able to respond to a DU jury service request without it.

Took me a minute to understand what was happening, as I have dialup and there are lots of times I try to respond to things, but can't because it has slowed everything online to a crawl.

This time I remembered, turned the java back on and immediately could accept the jury summons.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to DeschutesRiver (Reply #50)

Sat Jan 12, 2013, 12:38 AM

62. Are you guys disabling Java or JavaScript?

They're different.
DU uses javascript, but I don't think it uses Java at all.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to bananas (Reply #62)

Sat Jan 12, 2013, 12:49 AM

63. Turns out I'd disabled javascript, not Java.

After reading another post, I enabled my javascript again.

Then I checked at Java.com and there was no Java found. I am computer illiterate, fact. But now I sort of know a little bit of something that I didn't know before, so it's all good

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Fri Jan 11, 2013, 01:33 PM

37. U.S. warns on Java software as security concerns escalate

(Reuters) - The U.S. Department of Homeland Security urged computer users to disable Oracle Corp's Java software, amplifying security experts' prior warnings to hundreds of millions of consumers and businesses that use it to surf the Web.

Hackers have figured out how to exploit Java to install malicious software enabling them to commit crimes ranging from identity theft to making an infected computer part of an ad-hoc network of computers that can be used to attack websites.

"We are currently unaware of a practical solution to this problem," the Department of Homeland Security's Computer Emergency Readiness Team said in a posting on its website late on Thursday.

"This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered," the agency said. "To defend against this and future Java vulnerabilities, disable Java in Web browsers."

http://www.reuters.com/article/2013/01/11/us-java-security-idUSBRE90A0S320130111

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Reply #37)

Fri Jan 11, 2013, 02:13 PM

38. crap! i need it for work. govt websites critical to my job run on java.

i use forefox. can i just enable/disable when needed?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to ellenfl (Reply #38)

Fri Jan 11, 2013, 02:22 PM

39. yes

There is a plugins sections of the addons page which lets you enable/disable java...

Reply to this post

Back to top Alert abuse Link here Permalink


Response to ellenfl (Reply #38)

Fri Jan 11, 2013, 03:11 PM

42. In Fire fox, go to

"Edit" > "preferences"> " content" where you will find an "enable Java Script" box to uncheck.
fast and easy to re-check it for things you really need.

I have it off almost all the time.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to dixiegrrrrl (Reply #42)

Fri Jan 11, 2013, 03:14 PM

43. javascript != java

two different things.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Reply #43)

Fri Jan 11, 2013, 05:18 PM

49. eerrkk....u r right....

sorry.....

Reply to this post

Back to top Alert abuse Link here Permalink


Response to ellenfl (Reply #38)

Fri Jan 11, 2013, 04:18 PM

45. Firefox 17/18 blocked Java

I run Firefox and checked my add-ons tab. When I clicked on plug-ins, I found out that Firefox blocked Java until a fix is available because it's vulnerable. I have to play Pogo on IE9--the only time I'm using IE.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Fri Jan 11, 2013, 03:37 PM

44. Java is disabled on my browser(s)

For the last month, whenever I click on (most) pages to read something while using Firefox, I get a drop down box that says "Java script error" and something about syntax, with an "ok" button to click.

I have to click this button, sometimes six times in a row, to unfreeze Firefox. I can't make this stop happening.

As a result, I'm using Chrome more and more.

Does this happen to anyone else?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Fri Jan 11, 2013, 05:03 PM

46. Everyone make sure you're blocking JAVA, and not JAVASCRIPT

I'm seeing a lot of comments about lost functionality here that sounds like people are disabling Javascript. In spite of the similar names, they two are NOT the same technology. More importantly, if you turn off Javascript, or simply disable scripting, it will NOT disable Java, which means that your computer will still be vulnerable to the virus.

Also, everyone should be aware that many modern antivirus applications are ALREADY blocking this exploit. I'm running the latest TrendMicro patch, which already has protections in place for this virus. If you have antivirus software in place, I would suggest that you check their site and update it FIRST. You may only need to get a definitions update to protect yourself.

If not, here's how you block the virus on Windows....

IE9: Gear Icon > Internet Options > Programs > Mange AddOns. Click on the Java Helper from Sun Microsystems, and click the Disable button.

Chrome: No need to disable anything. Chrome disables Java by default. Whenever a page wants to use it, Chrome will ask you whether you want to permit it. Just say NO until this problem is patched.

Firefox: Firefox > Add Ons. Click the Plugins tab. Find the Java Platform plugin, and click the Disable button.

Mac Users: Yes, you're vulnerable. The exploit is currently only being used to distribute the Reveton virus to PC's, but they could potentially release a virus for the Mac at any time. Unless you need Java for something, there's no reason to leave your computer exposed. Firefox and Chrome instructions are the same as the PC.

To disable Java on Safari, click Safari > Preferences. Click the Security button, and uncheck the Enable Java checkbox.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Xithras (Reply #46)

Fri Jan 11, 2013, 05:52 PM

52. thanks

not sure how f'd up I am yet from this damned thing!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Xithras (Reply #46)

Fri Jan 11, 2013, 07:39 PM

57. Thanks, I didn't understand before that there was a difference. nt

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Xithras (Reply #46)

Fri Jan 11, 2013, 10:22 PM

60. That was helpful, thanks!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Fri Jan 11, 2013, 05:48 PM

51. ugh

I think I got "it".

Have disabled Java running SuperAntispyware.

Laptop was trying to run a wireless connection but I have a DSL connection.

OH WHAT A MESS!!!!!

Updated Firefox ... Fu ... KKKKKKK!!!!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Fri Jan 11, 2013, 07:39 PM

58. Thanks for the heads up.......

I disabled my Java crap a long time ago but will certainly pass the word!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Fri Jan 11, 2013, 11:42 PM

61. What about Ubuntu? n/t

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bosonic (Original post)

Sat Jan 12, 2013, 02:58 PM

66. Oracle Corp to fix Java security flaw "shortly"

Source: Reuters

Oracle Corp to fix Java security flaw "shortly"

By Jim Finkle
BOSTON | Sat Jan 12, 2013 1:15pm EST

(Reuters) - Oracle Corp said it is preparing an update to address a flaw in its widely used Java software after the U.S. Department of Homeland Security urged computer users to disable the program in web browsers because criminal hackers are exploiting a security bug to attack PCs.

"A fix will be available shortly," the company said in a statement released late on Friday.

Company officials could not be reached on Saturday to say how quickly the update would be available for the hundreds of millions of PCs that have Java installed.

The Department of Homeland Security and computer security experts said on Thursday that hackers figured out how to exploit the bug in a version of Java used with Internet browsers to install malicious software on PCs. That has enabled them to commit crimes from identity theft to making an infected computer part of an ad-hoc computer network that can be used to attack websites.

-snip-


Read more: http://www.reuters.com/article/2013/01/12/us-usa-java-security-idUSBRE90B0EX20130112

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread