|
|
|
Page 1 of 1
|
[ 15 posts ] |
|
The US of Christian Magic asks users to stop using java.
Author |
Message |
Pantsman
Level 39
Posts: 21063 |
Joined: Sat Feb 14, 2009 11:44 pm |
Cash on hand: 2,187.55
Bank: 5,250.50
Group: Sysop |
|
The US of Christian Magic asks users to stop using java.
http://news.yahoo.com/us-government-tel ... 00371.htmlThe U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks. The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts. Experts believe hackers have found a flaw in Java's coding that creates an opening for criminal activity and other high-tech mischief. Java is a widely used technical language that allows computer programmers to write a wide variety of Internet applications and other software programs that can run on just about any computer's operating system. Oracle Corp. bought Java as part of a $7.3 billion acquisition of the software's creator, Sun Microsystems, in 2010. Oracle, which is based in Redwood Shores, Calif., had no immediate comment late Friday. - Spoiler: show
- Yesterday, we learned that a new zero-day exploit affecting Java 7 update 10 was identified. According to experts, the zero-day code could not have worked if Oracle had properly addressed an old vulnerability.
Adam Gowdiak, the CEO of Security Explorations – the company that’s responsible for identifying and reporting most of the latest vulnerabilities affecting Java – has told Softpedia in an email that this is another instance of Java vulnerabilities that stem from the insecure implementation of the Reflection API.
According to Gowdiak, the new attack is a combination of two vulnerabilities.
“The first flaw allows to load arbitrary (restricted) classes by the means of findClass method of com.sun.jmx.mbeanserver.MBeanInstantiator class. The problem stems from insecure call to Class.forName() method,” the expert explained.
“The second issue abuses the new Reflection API to successfully obtain and call MethodHandle objects that point to methods and constructors of restricted classes. This second issue relies on invokeWithArguments method call of java.lang.invoke. MethodHandle class, which has been already a subject of a security problem.”
The security problem that Gowdiak is talking about is the one dubbed “Issue 32,” which they reported to Oracle on August 31, 2012.
Oracle released a patch for it in October 2012, but the fix wasn’t complete, allowing an attacker to continue to abuse the invokeWithArguments method to set up calls to invokeExact method with a trusted system class as a target method caller.
“The zero-day code would not work if Issue 32 was properly addressed. The issue can be still abused to call arbitrarily security sensitive methods with a trusted class set as a caller. This allows to bypass certain security checks relying on the caller class (this is the case for both core and new Reflection API),” the researcher noted.
“Also, the zero-day would not work if the exploitation vector relying on DefiningClassLoader class was addressed by Oracle. We sent Oracle additional Proof of Concept code for Issue 32 that illustrated this exploitation vector in Sep 2012,” he added.
“Bugs are like mushrooms, in many cases they can be found in a close proximity to those already spotted. It looks Oracle either stopped the picking too early or they are still deep in the woods,” Gowdiak concluded.
In the meantime, users are advised to disable or uninstall Java from their systems completely if the component is not needed.
Alternatively, Windows customers can turn to a new feature added to Java 7 update 10, designed to warn the user when they’re about to launch untrusted code.
Update. Additional technical details of the flaw have been published on Bugtraq.
http://news.softpedia.com/news/Java-1-7 ... 0305.shtml
_________________
Yeap.
_________________
1 pcs.
|
4 pcs.
|
|
Tue Jan 15, 2013 7:43 pm |
|
|
joshex
Level 22
Posts: 2257 |
Joined: Sat Nov 17, 2012 11:10 am |
Cash on hand: 175,593.20
Location: SR388 |
Group: Special Access |
|
Re: The US of Christian Magic asks users to stop using java.
I've been having problems with internetbased java programs (usually advertisements) sending viruses to my computer for years now, I've been disabling java when ever I don't need it for that very reason. I've told other people how they got thier viruses too and had them disable java.
_________________ mepsipax
got any?
His name is not Robert Paulsen, His name is Gregory Matthew Bruni, he won so hard.
|
Tue Jan 15, 2013 8:44 pm |
|
|
Pantsman
Level 39
Posts: 21063 |
Joined: Sat Feb 14, 2009 11:44 pm |
Cash on hand: 2,187.55
Bank: 5,250.50
Group: Sysop |
|
Re: The US of Christian Magic asks users to stop using java.
Noscript ftw?
_________________
Yeap.
_________________
1 pcs.
|
4 pcs.
|
|
Tue Jan 15, 2013 8:45 pm |
|
|
Parpol
Level 38
Posts: 10364 |
Joined: Sun Oct 26, 2008 5:47 am |
Cash on hand: 435.45
Bank: 2,750,364.30
Group: Dev Team |
|
Re: The US of Christian Magic asks users to stop using java.
Java has always had shitty security.
Noscript indeed.
_________________ My Pixiv
- Spoiler: show
- OLD VERSION, BITCHES!
|
Wed Jan 16, 2013 5:25 am |
|
|
Odin Anarki
ℱᒪ૪ᓰﬡᘐ ᖘ⋒ᖇᖰᒪᙓ ᖘᙓﬡᓮᔕ
Posts: 19749 |
Joined: Fri Mar 04, 2011 9:57 pm |
Cash on hand: 258,935,944.23
Bank: 7,777,777.77
Location: ЇИ УОЦЯ MЇЙD FЦCКЇЙG ЇT ЇЙTО ОBLЇVЇОЙ |
Group: Їи$aиїту |
Country: |
|
Re: The US of Christian Magic asks users to stop using java.
funny, i NEVER get infected, and i have java enabled, and dont use noscript
_________________
?Їи$aиїту Group! | Ultimate Fh Tribute!
© 2010 -2099 Odin Anarkis. All Rights Reserved. Quotes - Spoiler: show
who149 wrote: I'm trying i'm trying~ i'm making I'll try too slowly up my posting. At least once a day for a bit. Then I'll up that too twice, then four, then 8 and so on. Until eventually I wake up one morning and find out that I am actually an Idiot hero. On some quest too cheat on his gf or raise affection of 5 women who conveniently live in my the same dorm as me. In which I only have 100 days to seduce them all.
Remon wrote: Now we can dominate the porn industry, camera industry, AND the world! YomToxic wrote: YOU BETTER STAY ALIVE OR ELSE I WILL HUNT YOU DOWN AND RAPE YOU DEAD.
|
Sat Jan 19, 2013 5:53 pm |
|
|
Pantsman
Level 39
Posts: 21063 |
Joined: Sat Feb 14, 2009 11:44 pm |
Cash on hand: 2,187.55
Bank: 5,250.50
Group: Sysop |
|
Re: The US of Christian Magic asks users to stop using java.
That's what it wants you to think...
_________________
Yeap.
_________________
1 pcs.
|
4 pcs.
|
|
Sat Jan 19, 2013 6:10 pm |
|
|
Odin Anarki
ℱᒪ૪ᓰﬡᘐ ᖘ⋒ᖇᖰᒪᙓ ᖘᙓﬡᓮᔕ
Posts: 19749 |
Joined: Fri Mar 04, 2011 9:57 pm |
Cash on hand: 258,935,944.23
Bank: 7,777,777.77
Location: ЇИ УОЦЯ MЇЙD FЦCКЇЙG ЇT ЇЙTО ОBLЇVЇОЙ |
Group: Їи$aиїту |
Country: |
|
Re: The US of Christian Magic asks users to stop using java.
sure, but seriously, i just dont get infections
_________________
?Їи$aиїту Group! | Ultimate Fh Tribute!
© 2010 -2099 Odin Anarkis. All Rights Reserved. Quotes - Spoiler: show
who149 wrote: I'm trying i'm trying~ i'm making I'll try too slowly up my posting. At least once a day for a bit. Then I'll up that too twice, then four, then 8 and so on. Until eventually I wake up one morning and find out that I am actually an Idiot hero. On some quest too cheat on his gf or raise affection of 5 women who conveniently live in my the same dorm as me. In which I only have 100 days to seduce them all.
Remon wrote: Now we can dominate the porn industry, camera industry, AND the world! YomToxic wrote: YOU BETTER STAY ALIVE OR ELSE I WILL HUNT YOU DOWN AND RAPE YOU DEAD.
|
Sat Jan 19, 2013 9:34 pm |
|
|
Parpol
Level 38
Posts: 10364 |
Joined: Sun Oct 26, 2008 5:47 am |
Cash on hand: 435.45
Bank: 2,750,364.30
Group: Dev Team |
|
Re: The US of Christian Magic asks users to stop using java.
you wouldn't really notice an infiltration with java. You start the java application and your computer allows it. Next thing you know, you give some guy complete access to your file system.
_________________ My Pixiv
- Spoiler: show
- OLD VERSION, BITCHES!
|
Sun Jan 20, 2013 12:39 am |
|
|
Odin Anarki
ℱᒪ૪ᓰﬡᘐ ᖘ⋒ᖇᖰᒪᙓ ᖘᙓﬡᓮᔕ
Posts: 19749 |
Joined: Fri Mar 04, 2011 9:57 pm |
Cash on hand: 258,935,944.23
Bank: 7,777,777.77
Location: ЇИ УОЦЯ MЇЙD FЦCКЇЙG ЇT ЇЙTО ОBLЇVЇОЙ |
Group: Їи$aиїту |
Country: |
|
Re: The US of Christian Magic asks users to stop using java.
I'd like to learn a little more about how these infections work, theres never been a "next thing you know" with me, what REALLY goes down?
_________________
?Їи$aиїту Group! | Ultimate Fh Tribute!
© 2010 -2099 Odin Anarkis. All Rights Reserved. Quotes - Spoiler: show
who149 wrote: I'm trying i'm trying~ i'm making I'll try too slowly up my posting. At least once a day for a bit. Then I'll up that too twice, then four, then 8 and so on. Until eventually I wake up one morning and find out that I am actually an Idiot hero. On some quest too cheat on his gf or raise affection of 5 women who conveniently live in my the same dorm as me. In which I only have 100 days to seduce them all.
Remon wrote: Now we can dominate the porn industry, camera industry, AND the world! YomToxic wrote: YOU BETTER STAY ALIVE OR ELSE I WILL HUNT YOU DOWN AND RAPE YOU DEAD.
|
Wed Jan 23, 2013 10:44 am |
|
|
Parpol
Level 38
Posts: 10364 |
Joined: Sun Oct 26, 2008 5:47 am |
Cash on hand: 435.45
Bank: 2,750,364.30
Group: Dev Team |
|
Re: The US of Christian Magic asks users to stop using java.
Java has access to your file system. By visiting and having java enabled, it can make you download and install a file. Java can also establish a connection with a server or client, or the program it just installed could, and all this can happen without you knowing.
_________________ My Pixiv
- Spoiler: show
- OLD VERSION, BITCHES!
|
Wed Jan 23, 2013 2:55 pm |
|
|
Odin Anarki
ℱᒪ૪ᓰﬡᘐ ᖘ⋒ᖇᖰᒪᙓ ᖘᙓﬡᓮᔕ
Posts: 19749 |
Joined: Fri Mar 04, 2011 9:57 pm |
Cash on hand: 258,935,944.23
Bank: 7,777,777.77
Location: ЇИ УОЦЯ MЇЙD FЦCКЇЙG ЇT ЇЙTО ОBLЇVЇОЙ |
Group: Їи$aиїту |
Country: |
|
Re: The US of Christian Magic asks users to stop using java.
and theres no such thing as a java firewall? or something similar, out there?
_________________
?Їи$aиїту Group! | Ultimate Fh Tribute!
© 2010 -2099 Odin Anarkis. All Rights Reserved. Quotes - Spoiler: show
who149 wrote: I'm trying i'm trying~ i'm making I'll try too slowly up my posting. At least once a day for a bit. Then I'll up that too twice, then four, then 8 and so on. Until eventually I wake up one morning and find out that I am actually an Idiot hero. On some quest too cheat on his gf or raise affection of 5 women who conveniently live in my the same dorm as me. In which I only have 100 days to seduce them all.
Remon wrote: Now we can dominate the porn industry, camera industry, AND the world! YomToxic wrote: YOU BETTER STAY ALIVE OR ELSE I WILL HUNT YOU DOWN AND RAPE YOU DEAD.
|
Mon Jan 28, 2013 4:09 am |
|
|
Pantsman
Level 39
Posts: 21063 |
Joined: Sat Feb 14, 2009 11:44 pm |
Cash on hand: 2,187.55
Bank: 5,250.50
Group: Sysop |
|
Re: The US of Christian Magic asks users to stop using java.
I use Noscript.
_________________
Yeap.
_________________
1 pcs.
|
4 pcs.
|
|
Mon Jan 28, 2013 7:07 am |
|
|
Odin Anarki
ℱᒪ૪ᓰﬡᘐ ᖘ⋒ᖇᖰᒪᙓ ᖘᙓﬡᓮᔕ
Posts: 19749 |
Joined: Fri Mar 04, 2011 9:57 pm |
Cash on hand: 258,935,944.23
Bank: 7,777,777.77
Location: ЇИ УОЦЯ MЇЙD FЦCКЇЙG ЇT ЇЙTО ОBLЇVЇОЙ |
Group: Їи$aиїту |
Country: |
|
Re: The US of Christian Magic asks users to stop using java.
i started using noscript but it did mess with alot of sites
since im already pretty carefull as it is i let it be
lol, i still have the only virus that ever did manage to get past me packed up, its a rootkit
just incase you guys ever need a random rootkit file
_________________
?Їи$aиїту Group! | Ultimate Fh Tribute!
© 2010 -2099 Odin Anarkis. All Rights Reserved. Quotes - Spoiler: show
who149 wrote: I'm trying i'm trying~ i'm making I'll try too slowly up my posting. At least once a day for a bit. Then I'll up that too twice, then four, then 8 and so on. Until eventually I wake up one morning and find out that I am actually an Idiot hero. On some quest too cheat on his gf or raise affection of 5 women who conveniently live in my the same dorm as me. In which I only have 100 days to seduce them all.
Remon wrote: Now we can dominate the porn industry, camera industry, AND the world! YomToxic wrote: YOU BETTER STAY ALIVE OR ELSE I WILL HUNT YOU DOWN AND RAPE YOU DEAD.
|
Mon Jan 28, 2013 2:48 pm |
|
|
Parpol
Level 38
Posts: 10364 |
Joined: Sun Oct 26, 2008 5:47 am |
Cash on hand: 435.45
Bank: 2,750,364.30
Group: Dev Team |
|
Re: The US of Christian Magic asks users to stop using java.
you can allow the script on sites you trust. click the little noscript icon and permanently allow websites like Forkheads.net
_________________ My Pixiv
- Spoiler: show
- OLD VERSION, BITCHES!
|
Mon Jan 28, 2013 2:52 pm |
|
|
Odin Anarki
ℱᒪ૪ᓰﬡᘐ ᖘ⋒ᖇᖰᒪᙓ ᖘᙓﬡᓮᔕ
Posts: 19749 |
Joined: Fri Mar 04, 2011 9:57 pm |
Cash on hand: 258,935,944.23
Bank: 7,777,777.77
Location: ЇИ УОЦЯ MЇЙD FЦCКЇЙG ЇT ЇЙTО ОBLЇVЇОЙ |
Group: Їи$aиїту |
Country: |
|
Re: The US of Christian Magic asks users to stop using java.
i know, but even that didnt work for some sites
since i had no problems before hand, disabling it wasnt a problem
_________________
?Їи$aиїту Group! | Ultimate Fh Tribute!
© 2010 -2099 Odin Anarkis. All Rights Reserved. Quotes - Spoiler: show
who149 wrote: I'm trying i'm trying~ i'm making I'll try too slowly up my posting. At least once a day for a bit. Then I'll up that too twice, then four, then 8 and so on. Until eventually I wake up one morning and find out that I am actually an Idiot hero. On some quest too cheat on his gf or raise affection of 5 women who conveniently live in my the same dorm as me. In which I only have 100 days to seduce them all.
Remon wrote: Now we can dominate the porn industry, camera industry, AND the world! YomToxic wrote: YOU BETTER STAY ALIVE OR ELSE I WILL HUNT YOU DOWN AND RAPE YOU DEAD.
|
Thu Jan 31, 2013 4:20 pm |
|
|
|
|
Page 1 of 1
|
[ 15 posts ] |
|
Who is online |
Users browsing this forum: No registered users and 6 guests |
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum
|
|
|
|