CRITICAL: Active Security Issue

Discussion in 'Computers' started by Gromett, Jan 13, 2013.

  1. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,941
    Likes Received:
    14,017
    Location:
    UK
    This time it is true the Department of Homeland Security in the US has even weighed in on it...

    It is important that you disable Java (not javascript) plugin in your web browser. I can't give detailed instructions here as there is a massive number of combinations of web browser/OS to cover. Google is your friend.

    Here is a Reuters link to the DHS announcment.
    http://www.reuters.com/article/2013/01/11/us-java-security-idUSBRE90A0S320130111

    Here is a tech site report on it. (Easy read)
    http://arstechnica.com/security/201...bug-is-being-massively-exploited-in-the-wild/

    Here is a more details overview
    https://partners.immunityinc.com/idocs/Java MBeanInstantiator.findClass 0day Analysis.pdf

    PLEASE NOTE: Even if your AV is up to date and you have installed all the latest updates you are still affected by this. You don't need to download anything or run anything as the bug can be exploited in what is known as a drive by download. You need to disable the Java Plugin for your web browser.
     
    • Like Like x 2
  2. Johns_Cross_Motorhomes

    Johns_Cross_Motorhomes Trader - Motorhome & Accessory Sales

    Joined:
    Jan 5, 2008
    Messages:
    9,248
    Likes Received:
    5,199
    Location:
    East Sussex 01-580-881288
    If one is using Firefox does this still apply and if so how does one disbable it?

    Peter
     
  3. hilldweller

    hilldweller Funster Life Member

    Joined:
    Dec 5, 2008
    Messages:
    26,462
    Likes Received:
    25,156
    Location:
    Macclesfield
    Yes.

    Top left FIREFOX v click it.

    Addons click it.

    Go through all tabs and if you spot Java - disable it.
     
  4. scotjimland

    scotjimland Funster Life Member

    Joined:
    Jul 25, 2007
    Messages:
    28,934
    Likes Received:
    25,574
    Location:
    .
  5. Johns_Cross_Motorhomes

    Johns_Cross_Motorhomes Trader - Motorhome & Accessory Sales

    Joined:
    Jan 5, 2008
    Messages:
    9,248
    Likes Received:
    5,199
    Location:
    East Sussex 01-580-881288
    Thanks Brian, Java not listed:Smile:

    Peter
     
  6. Johns_Cross_Motorhomes

    Johns_Cross_Motorhomes Trader - Motorhome & Accessory Sales

    Joined:
    Jan 5, 2008
    Messages:
    9,248
    Likes Received:
    5,199
    Location:
    East Sussex 01-580-881288
    Windows explorer was enabled:cry:now disabled:Smile:

    Peter
     
    • Like Like x 1
  7. sedge

    sedge Funster

    Joined:
    Jul 7, 2009
    Messages:
    4,501
    Likes Received:
    3,859
    Location:
    Nr Jct 3 M6
    Oh, err, sheet.

    Job for Pete when he gets hone in 90 mins, methinks. Mind you occasionally it tries to get you to update it and must confess, I never click on it cos when I have it;s said it couldn't do it. So dunno if it actually works on this puter or not, but it certainly must have a presence.

    Not keen on going into 'regedit' like Krebs tell you to, meself .......
     
  8. Reallyretired

    Reallyretired Funster

    Joined:
    Apr 27, 2008
    Messages:
    5,706
    Likes Received:
    3,211
    Location:
    Eastbourne East Sussex
    As long as your Firefox is up to date it will have Java disabled as of last October for this very reason.:thumb:
    Don't know about Internet Explorer as I never use it.
     
  9. Phill D

    Phill D

    Joined:
    Dec 6, 2011
    Messages:
    4,414
    Likes Received:
    4,632
    Location:
    South Wales
    i have disabled java script in chrome and it stops me viewing the Forums latest postings . i click on forums and get a blank headed screen. re instate java in chrome and all is ok.

    so i assume this part of the site uses java script
     
  10. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,941
    Likes Received:
    14,017
    Location:
    UK
    Not quite true. They disabled all OLD versions but not the current version last october. However they have now disabled the current version (2 days ago).

    It is still best to check to be sure though especially if you haven't updated to the latest version yet.

    https://blog.mozilla.org/security/
     
  11. gypsyrose

    gypsyrose Funster

    Joined:
    Jun 22, 2008
    Messages:
    239
    Likes Received:
    33
    Location:
    Mid Glamorgan
    Bit lost here (normal for me with anything techie!) :Wink:
    I have Firefox and I just checked plugins ....shows the following:-
    Java Deployment Toolkit 7.070.11.10.7.2.11 - ENABLED
    Java (TM) Platform SE7U9 10.9.2.5 - DISABLED

    Can anyone reassure me ...or otherwise?!! Should I disable the 1st one? :Doh:
     
  12. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,941
    Likes Received:
    14,017
    Location:
    UK
    The problem is with JAVA not JAVASCRIPT. And it is only with the Java plugin for web browsers not the Java runtime installed on your computer. You can leave javascript enabled on this site and others that you know are good. You can leave the Java install on your computer as you may need it for some software. However disabling the plugin that lets website run java software in your browser should be disabled. I Hope this is clear?

    It sounds like you have an old version of firefox? Can you update?
    This should have been disabled by firefox from what I understand.
     
    • Like Like x 1
  13. Wildbill

    Wildbill Funster

    Joined:
    Nov 18, 2011
    Messages:
    7,082
    Likes Received:
    12,079
    Location:
    goole
  14. 1_man_and_his_dob(lo)

    1_man_and_his_dob(lo) Funster

    Joined:
    Feb 4, 2010
    Messages:
    2,253
    Likes Received:
    1,516
    Location:
    Mid. Glamorgan, S. Wales
    The Java Deployment Toolkit does not get disabled automatically by the latest Firefox (or in my case, SeaMonkey) - it's not a security threat. You can disable it manually if you want and it's unlikely to break anything - it's usually used by the web browser to check what versions of Java you have running on your PC, in case the Java application (applet) being lauched from the web browser requires a specific version.
     
  15. Wildbill

    Wildbill Funster

    Joined:
    Nov 18, 2011
    Messages:
    7,082
    Likes Received:
    12,079
    Location:
    goole
    just been on old Mo's post apparently the INTERNET doesn't implode today
    so don't panic Mr manwering wear all doomed doomed i tell ye
     
    Last edited: Jan 13, 2013
  16. maz

    maz Funster

    Joined:
    Jan 26, 2011
    Messages:
    2,516
    Likes Received:
    2,157
    Location:
    Out there somewhere
    Um, trying to read and understand this thread. Have waded through the Chrome help to Blocked Plug-Ins http://support.google.com/chrome/bin/answer.py?hl=en&answer=1247383

    Under Settings > Content Settings, and clicking on Disable Individual Plug-Ins, Java doesn't appear in the list. So maybe I've never had it as a Plug-In anyway? Or is there somewhere else I should be looking?
    :wub:
     
  17. gypsyrose

    gypsyrose Funster

    Joined:
    Jun 22, 2008
    Messages:
    239
    Likes Received:
    33
    Location:
    Mid Glamorgan
     
  18. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,941
    Likes Received:
    14,017
    Location:
    UK
    It was disabled in my windows installation and is not present on my linux installations.

    I just did a quick search for you and found this article on how to get rid of it.

    http://www.ghacks.net/2010/04/25/how-to-remove-the-java-deployment-toolkit-from-firefox/

    I am not certain there is any risk in keeping it however as previously posted and explained in this article it is a version management module. I don't like anything on my computer I don't know about so have totally removed it.
     
  19. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,941
    Likes Received:
    14,017
    Location:
    UK
    Just checked on the linux install and surprisingly it is secure and doesn't suffer from this security issue (IcedTea)...

    Still disabled it.
     
  20. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,941
    Likes Received:
    14,017
    Location:
    UK
Loading...

Share This Page