Java

[Slickcraft]

Most have heard of the Java script vulnerability, now Homeland Security is recommending that you disable Java:
http://www.forbes.com/sites/eliseack...-disable-java/
Your computer could become; for example; part of a foreign attack of our business or government computer systems.

Lots of info out there on how to do it such as:
http://www.pcmag.com/article2/0,2817,2414191,00.asp

On the Winni Forum it looks like you can still navigate around with Java disabled but things like drop down menus don't work. Maybe Don is already looking into the impact. Oracle has not said how long it will take to get a fix.

I have Java disabled on my Firefox browser but turn it on for a few trusted sites such as my online bank account as you can't log on without Java enabled.

[Belmont Resident]

Quote:

Originally Posted by Slickcraft

Most have heard of the Java script vulnerability, now Homeland Security is recommending that you disable Java:
http://www.forbes.com/sites/eliseack...-disable-java/
Your computer could become; for example; part of a foreign attack of our business or government computer systems.

Lots of info out there on how to do it such as:
http://www.pcmag.com/article2/0,2817,2414191,00.asp

On the Winni Forum it looks like you can still navigate around with Java disabled but things like drop down menus don't work. Maybe Don is already looking into the impact. Oracle has not said how long it will take to get a fix.

I have Java disabled on my Firefox browser but turn it on for a few trusted sites such as my online bank account as you can't log on without Java enabled.

When it comes to our government I believe none of what I hear and only half of what I see. I like many others have lost ALL faith.
Way to many things are kept from us.

[Slickcraft]

Quote:

Originally Posted by Belmont Resident

When it comes to our government I believe none of what I hear and only half of what I see. I like many others have lost ALL faith.
Way to many things are kept from us.

If you look around the government is only a late comer to warnings about Java.

If you want to leave your computer wide open then that certainly is your prerogative.

My note is simply for those that are not aware of the issue.

[BroadHopper]

Quote:

Originally Posted by Belmont Resident

When it comes to our government I believe none of what I hear and only half of what I see. I like many others have lost ALL faith.
Way to many things are kept from us.

I have to agree with you 100%. You will find the Fiscal Cliff bill passed has a lot of tax credits attached to it as well as the normal 'pork'. It did not help the budget at all, just add to the deficit.

'A group of baboons is called a congress'.

ANY microprocessor with wifi or internet access is vulnerable to an attack, not just Java. It is important that you allow your operating system and programs to update. Most updates are security updates. It is very important that you have firewall as well as anti-virus protection. The best free ware protection is Microsoft Essentials. It is a comprehensive package.

[Belmont Resident]

Quote:

Originally Posted by BroadHopper

I have to agree with you 100%. You will find the Fiscal Cliff bill passed has a lot of tax credits attached to it as well as the normal 'pork'. It did not help the budget at all, just add to the deficit.

'A group of baboons is called a congress'.

ANY microprocessor with wifi or internet access is vulnerable to an attack, not just Java. It is important that you allow your operating system and programs to update. Most updates are security updates. It is very important that you have firewall as well as anti-virus protection. The best free ware protection is Microsoft Essentials. It is a comprehensive package.

We went to Apple computers, it is all automatic.
So far so good, far less issues then when we had Microsoft.

[PaugusBayFireFighter]

Quote:

Originally Posted by Belmont Resident

We went to Apple computers, it is all automatic.
So far so good, far less issues then when we had Microsoft.

Same here...iPads and Chromebooks for us...no worries, no virus.

[Belmont Resident]

Quote:

Originally Posted by PaugusBayFireFighter

Same here...iPads and Chromebooks for us...no worries, no virus.

My wife bought me a refurbed computer to replace the laptop I'd been using.
All this time I thought the slower and slower speed was the internet (metrocast) provider. Turns out with the new computer everything works great now, no more slow speed.
Yes they are more expensive but in the end it is worth every dime, and the ease of use blows away anything else I've ever owned both for work and personal, computer or laptop.
I wouldn't own anything else. Now if I had only gotten the I-phone instead of the POS android phone.

[BroadHopper]

Apple, Microsoft, Unix, Google etc. are all pretty good OS and all have their pros and con. It is what you want them to do. I would not buy any software until the first service pack or sub version is out. I've been in IT since the IBM days and I experienced everything.

Lately Apple owners have been experiencing hardware problems. Many Iproducts were returned because of cracked screens etc. The Apple store does a good job replacing defective equipment.

Google OS aka Android, Telikin etc. will be the up and coming OS to watch. Microsoft and Apple are stepping up with new touch screen and voice interface. The next frontier will be motion interface aka Kinetics.

I would not by Windows 8 until the first service pack is out.

Those with Windows operating systems that are experiencing software problems should download 'Advanced Care 6'. I highly recomend this free ware to 'clean' your computer.

[trfour]

Quote:

Originally Posted by Belmont Resident

My wife bought me a refurbed computer to replace the laptop I'd been using.
All this time I thought the slower and slower speed was the internet (metrocast) provider. Turns out with the new computer everything works great now, no more slow speed.
Yes they are more expensive but in the end it is worth every dime, and the ease of use blows away anything else I've ever owned both for work and personal, computer or laptop.
I wouldn't own anything else. Now if I had only gotten the I-phone instead of the POS android phone.

Used to be... Yup, but now that Apple is gaining a larger slice of the pie, more market share, the bad guys are and will catchup...
http://threatpost.com/en_us/category...campaign=Apple

Terry
_______________________________

[Rusty]

Would you like to see how many Javascripts are used on the page that you are viewing?

Do this if you have windows:

1. On your menu bar click on "View".
2. Click on "Source".
3. Click on "Edit"
4. Click on "Find"
5. Type in "javascript".
6. Hit "Enter" or "Next"

Wherever there is a "javascript" in the page you are viewing it will be hi-lited.
This forum has many of them.

I wouldn't be able to run my security cameras without Java.

[brk-lnt]

Quote:

Originally Posted by Rusty

Would you like to see how many Javascripts are used on the page that you are viewing?

Do this if you have windows:

1. On your menu bar click on "View".
2. Click on "Source".
3. Click on "Edit"
4. Click on "Find"
5. Type in "javascript".
6. Hit "Enter" or "Next"

Wherever there is a "javascript" in the page you are viewing it will be hi-lited.
This forum has many of them.

I wouldn't be able to run my security cameras without Java.

That's nice, but *java* and *javascript* have nothing in common but 4 letters.

The current vulnerability warning is about Java, which is an Oracle product and is basically a way for (supposedly) secure programs to be downloaded and run on your PC or in a browser. Think of it like a program you install on your PC, except it doesn't stay installed, it gets downloaded and executed whenever you visit a website. The benefit of a java application is that you can typically offer something that is closer to a "program" than a "webpage", meaning more interactivity and animation options for example.

Javascript is a lightweight programming language which is primarily used to enhance website experiences. Javascript is plain text which is downloaded and then executed in your browser. It has nothing in common with java, it came about a long time ago (mid/late 90's) and was essentially named to try and capitalize on the "Java" name, which was kind of new and fresh at the time.

For now, you can safely leave javascript enabled and not worry about the Java vulnerability issue.

[Rusty]

Quote:

Originally Posted by brk-lnt

That's nice, but *java* and *javascript* have nothing in common but 4 letters.

The current vulnerability warning is about Java, which is an Oracle product and is basically a way for (supposedly) secure programs to be downloaded and run on your PC or in a browser. Think of it like a program you install on your PC, except it doesn't stay installed, it gets downloaded and executed whenever you visit a website. The benefit of a java application is that you can typically offer something that is closer to a "program" than a "webpage", meaning more interactivity and animation options for example.

Javascript is a lightweight programming language which is primarily used to enhance website experiences. Javascript is plain text which is downloaded and then executed in your browser. It has nothing in common with java, it came about a long time ago (mid/late 90's) and was essentially named to try and capitalize on the "Java" name, which was kind of new and fresh at the time.

For now, you can safely leave javascript enabled and not worry about the Java vulnerability issue.

I do know that "Java" and "Javascript" have nothing in common.

I posted about Javascript because "Slickcraft" stated: "Most have heard of the Java script vulnerability".
Then he posted about "Java", and if you read my post it says: "I wouldn't be able to run my security cameras without Java."

I guess I didn't make it clear that they are two different things.

However thank you for explaining it so the average computer user will understand.

Here is what I need to use my security cameras:

[Slickcraft]

Quote:

Originally Posted by Rusty

I do know that "Java" and "Javascript" have nothing in common.

I posted about Javascript because "Slickcraft" stated: "Most have heard of the Java script vulnerability".
Then he posted about "Java", and if you read my post it says: "I wouldn't be able to run my security cameras without Java."

I guess I didn't make it clear that they are two different things.

However thank you for explaining it so the average computer user will understand.

Here is what I need to use my security cameras:

Yes I see that I made an error in including the word "script" in one phrase. My bad.

[NoBozo]

I just finished the latest book by Tom Clancy. "Threat Vector". It will make you want to change your PassWord ... every three days or less.

It is centered around entities that can infiltrate/hack your computer...or any other computer, or network, or security system.. that THEY want...Including security cameras.... NB

PS: Who is THEY..?? You have to read the book....

[Rusty]

Quote:

Originally Posted by NoBozo

I just finished the latest book by Tom Clancy. "Threat Vector". It will make you want to change your PassWord ... every three days or less.

It is centered around entities that can infiltrate/hack your computer...or any other computer, or network, or security system.. that THEY want...Including security cameras.... NB

PS: Who is THEY..?? You have to read the book....

So while I'm watching someone on my security cameras (5 of them), someone is watching me at the same time??

Now I won't be able to sleep tonight. I think I'll go have a cup of "Java" to calm me down.

[NoBozo]

Quote:

Originally Posted by Rusty

So while I'm watching someone on my security cameras (5 of them), someone is watching me at the same time??

Now I won't be able to sleep tonight. I think I'll go have a cup of "Java" to calm me down.

RUSTY You bet: Not only that..if your laptop has a camera on top ....THEY can watch you from there...spooky isn't it. Clancy is usually pretty close to REAL. Sleep Tight Rusty.. NB

[wifi]

Quote:

Originally Posted by NoBozo

RUSTY You bet: Not only that..if your laptop has a camera on top ....THEY can watch you from there...spooky isn't it. Clancy is usually pretty close to REAL. Sleep Tight Rusty.. NB

You might or might not be aware of this story

[Island Girl]

The actual warning in fine print says that the big threat is for JAVA 7 aka 1.7. If you have a lesser version you can still use it.

[Rusty]

When I have to trouble shoot a computer remotely, I use a program called Teamviewer 7.
It allows me to take over someones computer and get into anything that is on it. Sometimes I have to get a password or permission from them to access a certain systems file but for the most part I can control their computer as if it was mine.
Their desktop will show up on my screen and I can access just about everything. As I am using it, the person on the other end will see everything that I do.

That being said, I wonder just how save something like that is while I am hooked up remotely to them.

Teamviewer 7 is free and you can download it from HERE.

[Slickcraft]

http://news.cnet.com/8301-1009_3-575...vulnerability/

http://www.oracle.com/technetwork/ja...ads/index.html

[MAXUM]

Quote:

Originally Posted by PaugusBayFireFighter

Same here...iPads and Chromebooks for us...no worries, no virus.

Seriously?

I remain neutral far as operating systems go, but anything is hackable and anything can be exploited, yes even your apple products! Think I'm kidding? Here's proof!

That exploit for Java is exercising the JRE or Java Runtime Environment. One of the reasons for Java's popularity is the fact it can with a single code base run on multiple platforms. Many software companies are writing their code in Java so it is platform agnostic and a huge cost savings. Now that said... this exploit affects everything that has Oracle's JRE installed for now, but my guess is that may end up expanding over the coming days, however other iterations of JRE's have been produced by others (as it is an open platform but all based on a common code set) so no doubt affected as well. However I digress, sample code for the exploit has been published, I cut the important pieces out to show that it doesn't matter what you got if Java is installed, you're at risk.

'References' =>
[
[ 'CVE', '2013-0422' ],
[ 'URL', 'http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html' ],
[ 'URL', 'http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/' ]
],
'Platform' => [ 'java', 'win', 'osx', 'linux' ],
'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },
'Targets' =>
[
[ 'Generic (Java Payload)',
{
'Platform' => ['java'],
'Arch' => ARCH_JAVA,
}
],
[ 'Windows x86 (Native Payload)',
{
'Platform' => 'win',
'Arch' => ARCH_X86,
}
],
[ 'Mac OS X x86 (Native Payload)',
{
'Platform' => 'osx',
'Arch' => ARCH_X86,
}
],
[ 'Linux x86 (Native Payload)',
{
'Platform' => 'linux',
'Arch' => ARCH_X86,
}
],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Jan 10 2013'
))

So don't think because you run anything but Windows you're safe cause you're not. At least one good thing about Windows is a virus can't come along and re-compile your Kernel and really blow your system to smithereens.

The only reason why MACs and LINUX os's haven't seen the number of exploits as Windows is simply that Windows is a much larger target due to market share. Not that either on is fundamentally more secure.

Again not turning this into a which is better than the other discussion, just saying don't have a false sense of security

[diz]

Quote:

Originally Posted by MAXUM

Seriously?

So don't think because you run anything but Windows you're safe cause you're not. At least one good thing about Windows is a virus can't come along and re-compile your Kernel and really blow your system to smithereens.

The only reason why MACs and LINUX os's haven't seen the number of exploits as Windows is simply that Windows is a much larger target due to market share. Not that either on is fundamentally more secure.

Again not turning this into a which is better than the other discussion, just saying don't have a false sense of security

I totally agree about market share and that the latest versions of Windows are as good as any Linux OS. But don't you think there are a heck of a lot more Windows users that are not properly patched than Mac or Red Hat users? There's still a LOT of IE6 out there. (I am a Mac guy so I am probably biased.)

[PaugusBayFireFighter]

Quote:

Originally Posted by MAXUM

Seriously?

To be clear, I don't believe I'm safer from hacking because I use iPads, iPhones and Chromebooks. I just like not worrying about getting a virus or paying for anti-virus software every year.
Security wise, if they want in, I am sure they will get in, but I never worry about that.

[BroadHopper]

Go to your control panel and click on 'add or remove programs'. Scroll down to Java. I can bet that you have more than one version of java. You can safely remove all the older version of java. This operation will also remove java vulnerabilities. java does not upload security patches, it installs a new version. See the java website for more info.

[brk-lnt]

Quote:

Originally Posted by MAXUM

S
The only reason why MACs and LINUX os's haven't seen the number of exploits as Windows is simply that Windows is a much larger target due to market share. Not that either on is fundamentally more secure.

The quantity of each platform and the correlation to virus and exploit issues is an oft-repeated urban myth.

Linux is widely used on webservers around the world. Apple has been eating steady marketshare away from Windows in the consumer market for years now. Both have installations of 10's, if not hundreds, of millions of active machines. Plenty enough to make them a target of virii and exploits.

Each OS has its own pros and cons, and the security of the core OS itself is one thing, then there is how easy that OS (or other pre-installed software like IE) makes it for rogue code to be downloaded and executed.

The core of the Windows OS is pretty secure. Their UI model and other aspects of the software, not so much. Windows is "secure", but more easily exploited than linux or OSX due to how applications can be installed and run without direct user interaction or awareness.

[MAXUM]

Quote:

Originally Posted by brk-lnt

The quantity of each platform and the correlation to virus and exploit issues is an oft-repeated urban myth.

Linux is widely used on webservers around the world. Apple has been eating steady marketshare away from Windows in the consumer market for years now. Both have installations of 10's, if not hundreds, of millions of active machines. Plenty enough to make them a target of virii and exploits.

Each OS has its own pros and cons, and the security of the core OS itself is one thing, then there is how easy that OS (or other pre-installed software like IE) makes it for rogue code to be downloaded and executed.

The core of the Windows OS is pretty secure. Their UI model and other aspects of the software, not so much. Windows is "secure", but more easily exploited than linux or OSX due to how applications can be installed and run without direct user interaction or awareness.

Well it's said that apple is eating away Microsoft's market share, but the numbers speak to that, see here: http://www.netmarketshare.com/operat...=9&qpcustomb=0

So it would stand to reason that anyone looking to data mine or exploit an operating system would target the windows desktop, especially since so many are used in places of business which is a target rich environment. No doubt with the popularity of smart phones and portable devices they too will become of more interest to hackers. Thing is that many users of both desktops and mobile devices have little knowledge as to what they are doing and many exploits are passed along due to ignorance of the user, often times gaining access to a system with the logged on account having full unrestricted rights to the operating system than anything else. There is only so much any manufacturer can do to curb that, IE can't fix stupid! An email with an attachment that is executed with malicious code as an example can just as easily screw any computer up, whether it be a windows system with a user logged on with full administrative rights, or a user on a UNIX system logged in as root. I would assert also that most folks that run a LINUX desktop are not your average dare I say ignorant user. Therefore they would tend to be more judicious in how they setup and use their systems.

Stuff like this can be argued till the cows come home, my only point was to show that the Java exploit was in the JRE and if installed doesn't matter what OS it's on the system is vulnerable. That is not a poor reflection on any of the operating system manufacturers, it's the JRE to blame in this case!

[JayDV]

Thanks to all you learned folk. I found this to be very interesting.

I have tried to maintain a secure pc, but I still encounter slow(er) performance issues. I tried scans and have not found any problems. I will try that Advanced Care 6 mentioned earlier here.

I do know that password protection is utmost important and I was having difficulty coming up with new unique passwords for the many accounts I have and was recently introduced to LastPass. It runs along with your browser somehow and you click an icon to "login" to an account your browser has opened. The passwords are stored "elsewhere" and it auto logs you in. Because you are not using your keyboard to log into an account, the keystroke logger virus can't catch those passwords. LastPass can also auto generate a password for you, the length will show the strength of the password.

I'm sure there is a bunch more about this type of password program that I don't know about, but I would like to hear some opinions.

[magicrobotmonkey]

One tip for setting passwords that I've always done: instead of making my passwords words, I make them patterns on the keyboard. For instance, try typing zSE4bHU8 It's a simple pattern and if you have to use it mutiple times a day it will be no time at all before it becomes muscle memory and you don't even have to think it, your hands do it for you!

[trfour]

Under; Read It And Weep!
http://threatpost.com/en_us/blogs/la...s-found-011813

Terry
____________________________________

[Rusty]

Quote:

Originally Posted by trfour

Under; Read It And Weep!
http://threatpost.com/en_us/blogs/la...s-found-011813

Terry
____________________________________

Thanks Terry.

Just got off the phone with technical support for my cameras and they said to use Activex instead of Java. That means I will have to use Firefox as my browser. Internet Explorer uses Java and Firefox uses Activex.
That means anyone who uses a Mac do not have to worry about Java.

I guess I need to think this whole thing over because I use many different computers and locations to view my security cameras.

[Slickcraft]

While I did install the build 11 update there was not an overwhelming sense of security. So I disabled Java in the browser on the Java control panel but allowed Java Script in Firefox.

So far I have not had any problems navigating web pages with the Java add-on disabled. If I need it for a specific known web page such as the registry of deeds than I would turn it on only for that session.

[ishoot308]

Quote:

Originally Posted by Rusty

Thanks Terry.

Just got off the phone with technical support for my cameras and they said to use Activex instead of Java. That means I will have to use Firefox as my browser. Internet Explorer uses Java and Firefox uses Activex.
That means anyone who uses a Mac do not have to worry about Java.

I guess I need to think this whole thing over because I use many different computers and locations to view my security cameras.

Correct me if I am wrong but I believe Internet Explorer supports Activex not Firefox...??

Dan

[Rusty]

Quote:

Originally Posted by ishoot308

Correct me if I am wrong but I believe Internet Explorer supports Activex not Firefox...??

Dan

I guess both browsers support Java or Activex (somehow anyway). Firefox supports mostly Java but can support Activex.

If I understood the tech support fella he said that my security cameras will only use Java for ie and when I use Firefox it will ask me to load Activex. I really don't understand the reason why but he said that is the only way to not use Java for my cameras. It must have something to do with their software. I have D-Link cameras and use mydlink.com to access them.


Confusing to say the least.

[ApS]

Quote:

Originally Posted by magicrobotmonkey

One tip for setting passwords that I've always done: instead of making my passwords words, I make them patterns on the keyboard. For instance, try typing zSE4bHU8 It's a simple pattern and if you have to use it mutiple times a day it will be no time at all before it becomes muscle memory and you don't even have to think it, your hands do it for you!

My ISP provider stated I had an excellent eight-digit password—so I told him—"Look down at where those keys are located on your keyboard".

(They made a pattern that was easy to remember).

[Slickcraft]

I run Norton Internet Security and got an email this morning on the Java issue:

Quote:

You may have recently seen some of the extensive news coverage, including statements from the United States Department of Homeland Security, regarding a vulnerability in Java. Java is both a language and a platform to run websites and programs used by many computer users, both on the PC and Mac operating systems. This vulnerability leaves millions of computers open to malware attacks and can lure online traffic to virus-infected websites.
Rest assured, because you have a Norton security software product installed on your computer, you’re protected against the Java bug (CVE-2013-0422), as long as you have not disabled the automatic updates feature.
We also recommend that you apply Oracle’s recently released security patch and make sure you are running the most updated version of Java.

Thank you for being a valued Norton customer.

Sincerely,
The Norton Team

[trfour]

disable Java in your browser on Windows, Mac. I sure do get a kick out of some Mac folks thinking that Mac computers are safe and the cure-all for internet security.

http://www.zdnet.com/how-to-disable-...ac-7000009732/


Terry
_______________________________

[trfour]

You decide whats best for you.
http://threatpost.com/en_us/blogs/it...on-java-012113




Terry
__________________________

[trfour]

Posted on ZDnet today....

http://www.zdnet.com/if-you-need-jav...ad-7000010157/



Terry
___________________________

[NoBozo]

JAVA Update 7-13 is now available. I downloaded and installed it BUT Left it disabled. NB