HOME

SHOP ORGONE CRYSTALS

528Hz

Vote For Warrior Matrix at Conspiracy Top Sites

daily quote warrior matrix

Follow Us On Facebook
Experts advise users and companies worldwide to disable....

 
Post new topicReply to topic
   Warrior Matrix Forum Index -> Computer Security
View previous topic :: View next topic  
Author Message
west_awaken
Member


Joined: 29 Oct 2012
Posts: 124
Location: Earth

PostPosted: Fri Jan 11, 2013 5:34 pm    Post subject: Experts advise users and companies worldwide to disable.... Reply with quote

WARNING WARNING !!


Security experts, researchers and analysts have discovered a vulnerability in the widely used Java software that has the potential to allow hackers to access to your computer.

Experts advise users and companies worldwide to disable Oracle’s Java due to severe security flaw

http://www.humanipo.com/news/3252/Experts-advise-users-and-companies-w orldwide-to-disable-Oracles-Java-due-to-severe-security-flaw



Oracle’s Java platform is used and installed on more than one billion user computers worldwide. Three billion mobile phones are running the software too.

With an ecosystem of approximately nine million certified Java developers, the new vulnerability presents a headache for Oracle given its wide usage in many industries and many datacenters.

Yesterday (Thursday), the US-CERT’s Vulnerability Notes Database, a service that provides timely information about software vulnerabilities, issued a warning that said “Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.”

Numerous reports worldwide suggest this security flaw is being exploited and included “exploit kits” that make it easier for hackers with bad motives to attack users’ computers and any other computer or server running this version of Java.

Exploits are already available for sale and download for US$700 a quarter or US$1,500 for a year’s subscription.

The only solution, as suggested by many experts, at this stage seems to be that users and those affected to disable Java (or uninstall) on their computers as Oracle have yet to issue a fix to the vulnerability.

The “impact” of this vulnerability is seen as severe by the US-CERT as they state “by convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system”.

They, US-CERT, also see no workaround or solution to the vulnerability at the moment and they concur with experts by suggesting: “We are currently unaware of a practical solution to this problem. Please consider the following workarounds: Disable Java in web browsers.”

HumanIPO has contacted Oracle South Africa and have yet to get an official confirmation regarding the solution or development of such a solution from the global software company.

This report will be updated as soon as Oracle officially communicate a solution.
Back to top
View user's profile Send private message
TheNH813
Member


Joined: 02 Oct 2012
Posts: 319
Location: Next to my 1.2 KiloWatt Mobius coil.

PostPosted: Sat Jan 12, 2013 4:04 am    Post subject: Reply with quote

I will disable java completely untill a patch is released.
I will send a warning to everyone I know.
Im expecting a emergency patch within a few days.
_________________
- TheNH813
ORGONITE AWAY!!
Back to top
View user's profile Send private message
tuxedo meow
Member


Joined: 07 Mar 2011
Posts: 1443
Location: variable

PostPosted: Sat Jan 12, 2013 3:10 pm    Post subject: Reply with quote

my laptop refused to update java yesterday.
_________________
"Those who were seen dancing were thought to be insane by those who could not hear the music"
Back to top
View user's profile Send private message
EMRKid
Member


Joined: 20 Dec 2012
Posts: 171
Location: Australia

PostPosted: Sun Jan 13, 2013 3:22 am    Post subject: Reply with quote

I have the latest MS WIN 8 and I went through ALL APPS and I couldn't find Java on the system. I use to have on WIN XP and Vista. Looks as though MS may have dumped it, or those other times I must have downloaded the programme. So, should I have Java on WIN 8? Can anyone answer that question?
Back to top
View user's profile Send private message
EMRKid
Member


Joined: 20 Dec 2012
Posts: 171
Location: Australia

PostPosted: Sun Jan 13, 2013 3:37 am    Post subject: Reply with quote

So, for a layman like me, what should I do as a GENERAL user. I am led to believe if you disable Java in WIN 8, it might probably crash????

Setting the Security Level of the Java Client


Contents
Ensuring the Most Secure JRE
Disabling Java in the Browser
Setting the Security Level of Unsigned Apps
Security Options for Trusted Signed or Self-Signed Apps
Install Options
Apps with Mixed Code

As of the JDK 7u10 release, a user may control, via the Java Control Panel, the level of security that will be used when running unsigned (also called "untrusted" or "sandboxed") Java apps in a browser. The user may select from five levels of security, including disabled, where no apps are allowed to run in the browser.

These security levels apply to running Java in the browser, which includes plugin applets, Java Web Start applications, embedded JavaFX applications, and access to the native deployment toolkit plugins. Setting the security level does not affect stand alone applications. Note that applets and these various types of applications are collectively referred to as apps or Java apps.

Ensuring the Most Secure JRE

Before the browser plugin software attempts to run a Java app, it verifies that the JRE version is at or above the security baseline for that family and that the age of the JRE is recent. If the JRE is deemed expired or insecure, additional security warnings are displayed. In most of these dialogs, the user has the option to block running the app, to continue running the app, or to go to java.com to download the latest release.

Disabling Java in the Browser

For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab.

Setting the Security Level of Unsigned Apps

---------------------------------------------------------------------- ----------

Note: These settings affect all browsers that use Oracle's Java browser plug-in. They do not affect desktop (also called stand alone) Java apps.

---------------------------------------------------------------------- ----------

A Security Level slider has been added to the Java Control Panel (under the Security tab) to control the behavior when attempting to run unsigned apps (either from the web or local). The user can select low, medium, high or very high security settings. There are fewer security warnings at the lowest setting. While it is called the "Security Level control" (or slider), it can be thought of as the ability to control the level of notification you will receive when the browser attempts to run unsigned Java apps.

The following list summarizes the behavior of the different levels:
Low Most unsigned Java apps in the browser will run without prompting unless they request access to a specific old version or to protected resources on the system.
Medium Unsigned Java apps in the browser will run without prompting only if the Java version is considered secure. (The JRE version should not be expired and should be at or above the latest security update release of Java from Oracle.) You will be prompted if an unsigned app requests to run on an old version of Java. To download the latest version of Java, go to java.com.
High You will be prompted before any unsigned Java app runs in the browser. If the JRE is expired or below the security baseline, you will be given an option to update.
Very High Unsigned (sandboxed) apps and local applets will not run.

The default security level is medium.

Additionally, there are two checkboxes available in the Java Control Panel (under the Advanced tab) that are relevant to unsigned apps:
Show sandbox warning banner
Disables the warning icon that appears next to top level windows opened from an unsigned app.
Allow user to accept JNLP security requests Allows an unsigned app that is deployed via JNLP to ask the user for increased access to computer resources like the hard drive or the printer.

Security Options for Trusted Signed or Self-Signed Apps

Note that the security options for trusted signed and self-signed apps has not changed in the 7u10 release. These options were available prior to the 7u10 release.

To select the behavior when attempting to run trusted signed or self-signed apps, there are several checkboxes available in the Java Control Panel (under the Advanced tab):
Allow user to grant permissions to signed content
Allow user to grant permissions to content from an untrusted authority
Don't prompt for client certificate selection when no certificates or only one exists
Warn if site certificate does not match hostname
Show site certificate even if it is valid

Install Options

In the JDK 7u10 release, new arguments for command line installation support setting the security level for Java in the browser. Admin privileges are required to install the JRE. Note that, in the 7u10 timeframe, these arguments are available only on Microsoft Windows.
On installation, the WEB_JAVA argument has the following effect: WEB_JAVA=1 enables Java in the browserWEB_JAVA=0 disables Java in the browser
On installation, the WEB_JAVA_SECURITY_LEVEL argument has the following effect: WEB_JAVA_SECURITY_LEVEL=VH sets the security level to very highWEB_JAVA_SECURITY_LEVEL=H sets the security level to highWEB_JAVA_SECURITY_LEVEL=M sets the security level to mediumWEB_JAVA_SECURITY_LEVEL=L sets the security level to low

After installation of the JRE, verify the security level settings in the Java Control Panel.

Apps with Mixed Code

This information also applies to untrusted apps that have signed trusted extensions, but not to signed trusted apps that have unsigned unstrusted extensions. For more information, see Mixing Signed and Unsigned Code.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topicReply to topic
   Warrior Matrix Forum Index -> Computer Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum