HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » Latest Breaking News (Forum) » Oracle Corp to fix Java s...
Introducing Discussionist: A new forum by the creators of DU

Sun Jan 13, 2013, 09:57 AM

Oracle Corp to fix Java security flaw "shortly"

Source: Chicago Tribune

BOSTON (Reuters) - Oracle Corp said it is preparing an update to address a flaw in its widely used Java software after the U.S. Department of Homeland Security urged computer users to disable the program in web browsers because criminal hackers are exploiting a security bug to attack PCs.

"A fix will be available shortly," the company said in a statement released late on Friday.

Company officials could not be reached on Saturday to say how quickly the update would be available for the hundreds of millions of PCs that have Java installed.

The Department of Homeland Security and computer security experts said on Thursday that hackers figured out how to exploit the bug in a version of Java used with Internet browsers to install malicious software on PCs. That has enabled them to commit crimes from identity theft to making an infected computer part of an ad-hoc computer network that can be used to attack websites.


Read more: http://articles.chicagotribune.com/2013-01-12/business/sns-rt-us-usa-java-securitybre90b0ex-20130112_1_java-software-java-browser-plug-ins-computer-security-experts



It's going to be interesting to eventually find out where the real risk was coming from, to warrant a Government warning.

23 replies, 2757 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 23 replies Author Time Post
Reply Oracle Corp to fix Java security flaw "shortly" (Original post)
brooklynite Jan 2013 OP
dipsydoodle Jan 2013 #1
hobbit709 Jan 2013 #2
UTUSN Jan 2013 #3
getting old in mke Jan 2013 #5
UTUSN Jan 2013 #6
Gore1FL Jan 2013 #10
UTUSN Jan 2013 #11
Gore1FL Jan 2013 #14
Bernardo de La Paz Jan 2013 #12
high density Jan 2013 #13
Gore1FL Jan 2013 #15
Sekhmets Daughter Jan 2013 #4
AllyCat Jan 2013 #7
Sekhmets Daughter Jan 2013 #17
RebelOne Jan 2013 #19
brooklynite Jan 2013 #8
Sekhmets Daughter Jan 2013 #16
davidwparker Jan 2013 #22
Sekhmets Daughter Jan 2013 #23
AllyCat Jan 2013 #21
Purveyor Jan 2013 #9
brooklynite Jan 2013 #18
cbayer Jan 2013 #20

Response to brooklynite (Original post)

Sun Jan 13, 2013, 10:01 AM

1. I'll laugh if its related in any shape or form to Stuxnet

coming back to bite.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to brooklynite (Original post)

Sun Jan 13, 2013, 10:10 AM

2. "Shortly" Yeah, right.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to brooklynite (Original post)

Sun Jan 13, 2013, 10:11 AM

3. LOW-tech here: I learned in Googling that I had Java 6 & should not have been running

anything previous to Java 7, which is the affected program. See below for a DUer's recommendations for uninstalling Java 6, which I have now done (64 bit). I did NOT see any JavaSCRIPT that we are told NOT to disable/uninstall for use in DU.

So far, I haven't seen any differences: Am able to REC DU threads, haven't tried YouTubes yet, don't know whether I can respond to DU jury yet.

QUESTION: With the Java fix coming, now that I have UNinstalled Java 6, should I install 7 NOW and disable it pending the fix? Or wait and do it together with the fix?

Here's from the Computer group:

**************QUOTE**********

from DUer/Earth Bound Misfit's thread in the Computer group:

http://www.democraticunderground.com/10954629

The Security tab > Untick enable Java content is a new feature in Ver 7 update 10...not available in previous versions.

Below is what I believe is the easiest way to disable ALL Java plugins on Windows computers (credit Grinler site Owner/Admin @ Bleepingcomputer)
http://www.bleepingcomputer.com/forums/topic481462.html/page__view__findpost__p__2945754

Using a version of Java that is not Version 7 Update 10

1. Uninstall all versions of Java.
2. Download and install Version 7 Update 10 from the following locations depending on the bit-type of Windows:

Windows Offline (32-bit) http://javadl.sun.com/webapps/download/AutoDL?BundleId=71835
Windows Offline (64-bit) http://javadl.sun.com/webapps/download/AutoDL?BundleId=71837

3. Disable Java in your browsers by following these steps: http://www.java.com/en/download/help/disable_browser.xml

Java will now be disabled in your browsers. You must do this step for all users on Windows computers.


Currently using Version 7 Update 10

1. Disable Java in your browsers by following these steps: http://www.java.com/en/download/help/disable_browser.xml. Java will now be disabled in your browsers. You must do this step for all users on the Windows computer.


********UNQUOTE**********

Reply to this post

Back to top Alert abuse Link here Permalink


Response to UTUSN (Reply #3)

Sun Jan 13, 2013, 10:20 AM

5. Java and JavaScript are different animals

so disabling Java in the browser won't affect sites that rely on JavaScript.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to getting old in mke (Reply #5)

Sun Jan 13, 2013, 10:30 AM

6. Any thoughts on whether I should install 7 now or wait for the fix?

Please be very literal and specific with any steps, like, if installing 7 do I DISable it immediately until the fix is available? Thanks.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to UTUSN (Reply #6)

Sun Jan 13, 2013, 11:23 AM

10. In my professional opinion,

You should wait until you have a need for it before installing.

Java is going to have future vulnerabilities as well. Ultimately, there is no safe version.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Gore1FL (Reply #10)

Sun Jan 13, 2013, 11:47 AM

11. O.K., thanks (so far)!1 So what is my "need for it" & how will I know it?!1

I learned from the DU threads that Java and JavaSCRIPT are different, that DU uses JavaSCRIPT, and after UNinstalling Java I have been able to use all DU features I use (Rec; jury) and have played YouTube (with stalling, as always) -- so what does Java do for me?!1 I'm serious/sincere in asking, so thanks for any answers!1

Reply to this post

Back to top Alert abuse Link here Permalink


Response to UTUSN (Reply #11)

Sun Jan 13, 2013, 12:54 PM

14. It'll prompt you that you need it. n/t

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Gore1FL (Reply #10)

Sun Jan 13, 2013, 12:16 PM

12. Java is a heck of a lot safer than the Microsoft dot-net and silverslime crap.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bernardo de La Paz (Reply #12)

Sun Jan 13, 2013, 12:24 PM

13. Today it definitely isn't

I don't recall the last time US-CERT said disable Silverlight or .NET.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Bernardo de La Paz (Reply #12)

Sun Jan 13, 2013, 12:57 PM

15. They will never have safe versions either

There will always be exploits.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to brooklynite (Original post)

Sun Jan 13, 2013, 10:11 AM

4. I am so ignorant when it comes to computers...

I use an iMac and haven't a clue what this Java thing is...do I need to worry?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Sekhmets Daughter (Reply #4)

Sun Jan 13, 2013, 10:42 AM

7. I'll let someone else with knowledge answer you for sure, but in my experience

Macs and Apples never seem to be affected by this garbage. Husband and I are thinking about getting one when our Windows PC finally kicks it.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to AllyCat (Reply #7)

Sun Jan 13, 2013, 01:05 PM

17. This is my second Mac...

bought the first in 2004...then Apple changed to the Intel chips in 2005 and eventually I could no longer download the newest browsers. I began having minor problems in 2011 and by the autumn of 2012 it was a real pain in the neck so I bought a new one. I must admit to loving my Macs...For computer dummies like myself it is a 'no brains required' system. Of course, less than 3 months after I bought my new one, Apple updated their iMacs...raised the base price $100. but included things that previously were $500. worth of upgrades. This is now the second time I've been off in my timing with Apple.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Sekhmets Daughter (Reply #17)

Sun Jan 13, 2013, 03:25 PM

19. This is my first Mac, though I have worked on several in various jobs.

My company updated all the computers to Mac Minis, and I love them so much that when my PC died, I bought a Mac Mini. I love it, and from now on, I will only buy Macs. Theirs is definitely a no-brains system.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Sekhmets Daughter (Reply #4)

Sun Jan 13, 2013, 10:46 AM

8. Java is not used by your computer...

...it's used by your web browser (Safari, Firefox, Chrome) for some website features (for example, YouTube videos). Go into the Preferences section of each to disable the functions.

Safari: Preferences: Security

Chrome: Preferences: Settings: Advanced Settings: Privacy: Content Settings

Firefox: Preferences: Content

Reply to this post

Back to top Alert abuse Link here Permalink


Response to brooklynite (Reply #8)

Sun Jan 13, 2013, 12:58 PM

16. Hey Thanks!

I have a new Mac OS X 10.8.2 and I would have to download Java (this I found out today when I realized I should probably Google the issue myself) Whatever I have instead of Java, I have no problems watching YouTube videos...so I guess I'll just pass up the whole Java thing.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Sekhmets Daughter (Reply #16)

Mon Jan 14, 2013, 01:31 AM

22. Same here.

I just checked my Java version and it is not 7.

Typing "java -version" at a command prompt shows you what you have. Since we have the same OS X release and if you've not updated Java either, it is probably the same as mine: 1.6 (or 6).

Reply to this post

Back to top Alert abuse Link here Permalink


Response to davidwparker (Reply #22)

Mon Jan 14, 2013, 07:44 AM

23. I have a new computer...Apple no longer installs Java...

If you want it you must go to the Oracle site and download it. I haven't missed it so I don't think I will bother.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to brooklynite (Reply #8)

Sun Jan 13, 2013, 11:21 PM

21. I just removed the Java program.

Is that good enough? YouTube still runs. Some other stuff doesn't. I will check out what you have said to make sure it is working the way I expected by removing it though. Thanks!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to brooklynite (Original post)

Sun Jan 13, 2013, 11:19 AM

9. I hope so. Many sites I use google news, bing news, etc rely on java for some of the results

options.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to brooklynite (Original post)

Sun Jan 13, 2013, 02:51 PM

18. UPDATE - Java update expected on Tuesday

PC World:

Oracle is working on an update to address a flaw in its Java software.

The company says it will release a patch that will fix 86 vulnerabilities in Java 7 on Tuesday.

The Department of Homeland Security last week said computer users should disable the program in web browsers because hackers were using a zero-day vulnerability to attack computer systems. Criminals were using the flaw to stealthily install malware on the computers of users who visit compromised websites.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to brooklynite (Original post)

Sun Jan 13, 2013, 03:34 PM

20. I got a pop up when I went to NYT's puzzle page today that

said my Java was out of date, that a needed security update was available and that my java had been disabled.

Looked fishy to me, so I skipped it.

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread