Java security

For discussions about security.
Message
Author
Wognath
Posts: 423
Joined: Sun 19 Apr 2009, 17:23

Java security

#1 Post by Wognath »

Hello,
The recent news about Java
http://www.npr.org/blogs/thetwo-way/201 ... xperts-say
got my attention since I do banking online using Puppy, and my bank sites require Java.
I don’t know much about Java. While I’m waiting for Oracle to respond to this, I’m hoping the Puppy community (never lacking for strong opinions!) can educate me.
Is Firefox with NoScript adequate protection against this problem, provided I only allow scripts from sites I visit?
Is it sufficient to disable Java in the browser or should Java be deleted from the machine? (in windows, for example)
Do java scripts go away when the browser is closed, or is there the potential for the script to leave malware on the computer?
Thanks.

User avatar
Semme
Posts: 8399
Joined: Sun 07 Aug 2011, 20:07
Location: World_Hub

#2 Post by Semme »

Not to worry.. Java and JavaScript are entirely different. Fact is, most people don't realize this..

Wognath
Posts: 423
Joined: Sun 19 Apr 2009, 17:23

#3 Post by Wognath »

Not to worry.. Java and JavaScript are entirely different. Fact is, most people don't realize this..
Thanks, Semme. I certainly didn't know that. With javascripts enabled, but with no Java on my machine, I can still do most of what I need to do.
It makes me wonder how often that 137Mb Java folder was actually used!

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#4 Post by jpeps »

Wognath wrote:
Not to worry.. Java and JavaScript are entirely different. Fact is, most people don't realize this..
Thanks, Semme. I certainly didn't know that. With javascripts enabled, but with no Java on my machine, I can still do most of what I need to do.
It makes me wonder how often that 137Mb Java folder was actually used!
This issue is the java plugin for your browser. Firefox 18.0 doesn't even support it to begin with, so there's no problem.

That 137 M Java folder could be replaced by an SFS. The reason you're wondering is because very few puppy users know how to use it.

Wognath
Posts: 423
Joined: Sun 19 Apr 2009, 17:23

#5 Post by Wognath »

This issue is the java plugin for your browser.
OK, I was wrong when I thought I was beginning to understand. What, if anything, does that plugin do after Java is deleted? Is it just an interface between Mozilla and Java?
That 137 M Java folder could be replaced by an SFS.
Mine is (was) a folder in the home directory, with symlink to library in /lib/mozilla.

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#6 Post by jpeps »

Wognath wrote:
This issue is the java plugin for your browser.
OK, I was wrong when I thought I was beginning to understand. What, if anything, does that plugin do after Java is deleted? Is it just an interface between Mozilla and Java?
That 137 M Java folder could be replaced by an SFS.
Mine is (was) a folder in the home directory, with symlink to library in /lib/mozilla.
The plugin requires JRE to run, but again, the issue is only the plugin for browsers that support it to begin with. Oracle will no doubt provide a fix.

Leave it to HomeLand Security to supply guidelines. Perhaps people should throw away their smart phones too. Like we've never had a browser vulnerability before. Probably the greatest threat to your personal info is HomeLand Security.

edit: I have firefox on a windows computer with the vulnerable java plugin. There's a notice that it's been blocked by mozilla since Aug 31, 2012 !!

User avatar
James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#7 Post by James C »

Oracle Corp to fix Java security flaw "shortly".....

http://www.reuters.com/article/2013/01/ ... EX20130112
Java was responsible for 50 percent of all cyber attacks last year in which hackers broke into computers by exploiting software bugs, according to Kaspersky. That was followed by Adobe Reader, which was involved in 28 percent of all incidents. Microsoft Windows and Internet Explorer were involved in about 3 percent of incidents, according to the survey.

User avatar
James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#8 Post by James C »

Mozilla is getting the message across here ..... :)
Attachments
ff 18 windows.JPG
(27.87 KiB) Downloaded 931 times

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#9 Post by jpeps »

James C wrote:Mozilla is getting the message across here ..... :)
Yeah...the plugin has been blocked since August 31, 2012 (read the "more information"). Hardly new information; maybe new for "Homeland Security".
Last edited by jpeps on Sun 13 Jan 2013, 18:11, edited 1 time in total.

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#10 Post by bark_bark_bark »

Isn't that a good thing that they're blocking Java.
....

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#11 Post by jpeps »

bark_bark_bark wrote:Isn't that a good thing that they're blocking Java.
Years ago it was probably considered a cool idea to be able to run little programs through your browser. Now we have malicious code in even in graphics. Why would you want to allow some external site to be able to run programs on your machine through your browser? Note that there's a "disable" button on all your plugins. Better yet...use a text browser whenever possible (links2 includes wonderful graphics).

User avatar
Monsie
Posts: 631
Joined: Thu 01 Dec 2011, 07:37
Location: Kamloops BC Canada

Java panic

#12 Post by Monsie »

Unfortunately, this story has dragged on for weeks and months.... It was just a matter of time before this story came to light again. As I noted in this thread here Oracle has known about many of the security flaws for a long time, and still has about fifty or so known issues to fix since its last update. Now that one or more flaws are being actively exploited, hopefully, the good news is that it may push Oracle to finish its patchwork sooner than later...

Monsie
My [u]username[/u] is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#13 Post by bark_bark_bark »

even with the new update, a lot of security bugs remain.
....

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#14 Post by jpeps »

bark_bark_bark wrote:even with the new update, a lot of security bugs remain.
..and will continue if you're stupid enough to go to unfamiliar sites with a web browser that has a plugin that allows applets to be run by the external site. Fortunately, HomeLand security is here to protect your personal identification from being compromised (unless they need it).

User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#15 Post by Flash »

Didn't Oracle claim to own some of the code used by Linux, and threaten to sue anyone using Linux for using "their" code? These guys don't seem to know much about anything.

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#16 Post by jpeps »

Flash wrote:Didn't Oracle claim to own some of the code used by Linux, and threaten to sue anyone using Linux for using "their" code? These guys don't seem to know much about anything.
Why not go to their site where there's a contact number, and tell them yourself. I'm sure they will be grateful for your expertise and assistance.

http://www.oracle.com/us/technologies/j ... index.html

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#17 Post by bark_bark_bark »

I could get away with using "their" code because nobody in their right mind would prosecute a 15 year-old for something he didn't know about.

EDIT: I was kidding about using Oracle's code (seriously who wants to steal Oracle's code). I am one who respects copyright and licenses.
....

User avatar
Semme
Posts: 8399
Joined: Sun 07 Aug 2011, 20:07
Location: World_Hub

#18 Post by Semme »

Update 21 released today >> http://www.oracle.com/technetwork/java/ ... 32873.html

Flash, perhaps a *more appropriate* title for this thread.. ala "Java Security"

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#19 Post by jpeps »

Semme wrote:Update 21 released today >> http://www.oracle.com/technetwork/java/ ... 32873.html

"JDk 7u21 release includes support for JDK for Linux on ARM. The product offers headful support for ARMv6 and ARMv7."

User avatar
Monsie
Posts: 631
Joined: Thu 01 Dec 2011, 07:37
Location: Kamloops BC Canada

#20 Post by Monsie »

jpeps wrote:
Semme wrote:Update 21 released today >> http://www.oracle.com/technetwork/java/ ... 32873.html

"JDk 7u21 release includes support for JDK for Linux on ARM. The product offers headful support for ARMv6 and ARMv7."
On the linked web page I find:
JRE Expiration Date
The expiration date for JRE 7u21 is 07/18/2013
.

Why is this? Does this mean: this patch is a beta release --soon to be replaced by a stable build? Or, is Oracle really referring to the SDK rather than the JRE?

Monsie
My [u]username[/u] is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.

Post Reply