Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 28 Jul 2014, 02:26
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Java security
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 2 [28 Posts]   Goto page: 1, 2 Next
Author Message
Wognath

Joined: 19 Apr 2009
Posts: 164

PostPosted: Sat 12 Jan 2013, 15:30    Post subject:  Java security  

Hello,
The recent news about Java
http://www.npr.org/blogs/thetwo-way/2013/01/11/169156325/computer-users-should-disable-java-7-due-to-security-flaw-experts-say
got my attention since I do banking online using Puppy, and my bank sites require Java.
I don’t know much about Java. While I’m waiting for Oracle to respond to this, I’m hoping the Puppy community (never lacking for strong opinions!) can educate me.
Is Firefox with NoScript adequate protection against this problem, provided I only allow scripts from sites I visit?
Is it sufficient to disable Java in the browser or should Java be deleted from the machine? (in windows, for example)
Do java scripts go away when the browser is closed, or is there the potential for the script to leave malware on the computer?
Thanks.
Back to top
View user's profile Send private message 
Semme

Joined: 07 Aug 2011
Posts: 3578
Location: World_Hub

PostPosted: Sat 12 Jan 2013, 16:15    Post subject:  

Not to worry.. Java and JavaScript are entirely different. Fact is, most people don't realize this..
Back to top
View user's profile Send private message 
Wognath

Joined: 19 Apr 2009
Posts: 164

PostPosted: Sat 12 Jan 2013, 16:45    Post subject:  

Quote:
Not to worry.. Java and JavaScript are entirely different. Fact is, most people don't realize this..

Thanks, Semme. I certainly didn't know that. With javascripts enabled, but with no Java on my machine, I can still do most of what I need to do.
It makes me wonder how often that 137Mb Java folder was actually used!
Back to top
View user's profile Send private message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Sat 12 Jan 2013, 18:05    Post subject:  

Wognath wrote:
Quote:
Not to worry.. Java and JavaScript are entirely different. Fact is, most people don't realize this..

Thanks, Semme. I certainly didn't know that. With javascripts enabled, but with no Java on my machine, I can still do most of what I need to do.
It makes me wonder how often that 137Mb Java folder was actually used!


This issue is the java plugin for your browser. Firefox 18.0 doesn't even support it to begin with, so there's no problem.

That 137 M Java folder could be replaced by an SFS. The reason you're wondering is because very few puppy users know how to use it.
Back to top
View user's profile Send private message 
Wognath

Joined: 19 Apr 2009
Posts: 164

PostPosted: Sat 12 Jan 2013, 18:30    Post subject:  

Quote:
This issue is the java plugin for your browser.

OK, I was wrong when I thought I was beginning to understand. What, if anything, does that plugin do after Java is deleted? Is it just an interface between Mozilla and Java?

Quote:
That 137 M Java folder could be replaced by an SFS.

Mine is (was) a folder in the home directory, with symlink to library in /lib/mozilla.
Back to top
View user's profile Send private message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Sat 12 Jan 2013, 18:51    Post subject:  

Wognath wrote:
Quote:
This issue is the java plugin for your browser.

OK, I was wrong when I thought I was beginning to understand. What, if anything, does that plugin do after Java is deleted? Is it just an interface between Mozilla and Java?

Quote:
That 137 M Java folder could be replaced by an SFS.

Mine is (was) a folder in the home directory, with symlink to library in /lib/mozilla.


The plugin requires JRE to run, but again, the issue is only the plugin for browsers that support it to begin with. Oracle will no doubt provide a fix.

Leave it to HomeLand Security to supply guidelines. Perhaps people should throw away their smart phones too. Like we've never had a browser vulnerability before. Probably the greatest threat to your personal info is HomeLand Security.

edit: I have firefox on a windows computer with the vulnerable java plugin. There's a notice that it's been blocked by mozilla since Aug 31, 2012 !!
Back to top
View user's profile Send private message 
James C


Joined: 26 Mar 2009
Posts: 5679
Location: Kentucky

PostPosted: Sun 13 Jan 2013, 13:05    Post subject:  

Oracle Corp to fix Java security flaw "shortly".....

http://www.reuters.com/article/2013/01/12/us-usa-java-security-idUSBRE90B0EX20130112

Quote:
Java was responsible for 50 percent of all cyber attacks last year in which hackers broke into computers by exploiting software bugs, according to Kaspersky. That was followed by Adobe Reader, which was involved in 28 percent of all incidents. Microsoft Windows and Internet Explorer were involved in about 3 percent of incidents, according to the survey.
Back to top
View user's profile Send private message 
James C


Joined: 26 Mar 2009
Posts: 5679
Location: Kentucky

PostPosted: Sun 13 Jan 2013, 13:08    Post subject:  

Mozilla is getting the message across here ..... Smile
ff 18 windows.JPG
 Description   
 Filesize   27.87 KB
 Viewed   865 Time(s)

ff 18 windows.JPG

Back to top
View user's profile Send private message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Sun 13 Jan 2013, 14:00    Post subject:  

James C wrote:
Mozilla is getting the message across here ..... Smile


Yeah...the plugin has been blocked since August 31, 2012 (read the "more information"). Hardly new information; maybe new for "Homeland Security".

Last edited by jpeps on Sun 13 Jan 2013, 14:11; edited 1 time in total
Back to top
View user's profile Send private message 
bark_bark_bark

Joined: 05 Jun 2012
Posts: 780
Location: USA

PostPosted: Sun 13 Jan 2013, 14:06    Post subject:  

Isn't that a good thing that they're blocking Java.
_________________
Desktop: Intel 945PSN Motherboard, 3.2Ghz P-IV "Prescott 2M", 2GB RAM, 500GB WD HDD, Windows 7
Back to top
View user's profile Send private message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Sun 13 Jan 2013, 14:41    Post subject:  

bark_bark_bark wrote:
Isn't that a good thing that they're blocking Java.


Years ago it was probably considered a cool idea to be able to run little programs through your browser. Now we have malicious code in even in graphics. Why would you want to allow some external site to be able to run programs on your machine through your browser? Note that there's a "disable" button on all your plugins. Better yet...use a text browser whenever possible (links2 includes wonderful graphics).
Back to top
View user's profile Send private message 
Monsie


Joined: 01 Dec 2011
Posts: 633
Location: Kamloops BC Canada

PostPosted: Sun 13 Jan 2013, 17:26    Post subject: Java panic  

Unfortunately, this story has dragged on for weeks and months.... It was just a matter of time before this story came to light again. As I noted in this thread here Oracle has known about many of the security flaws for a long time, and still has about fifty or so known issues to fix since its last update. Now that one or more flaws are being actively exploited, hopefully, the good news is that it may push Oracle to finish its patchwork sooner than later...

Monsie

_________________
My username is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.
Back to top
View user's profile Send private message 
bark_bark_bark

Joined: 05 Jun 2012
Posts: 780
Location: USA

PostPosted: Mon 14 Jan 2013, 19:58    Post subject:  

even with the new update, a lot of security bugs remain.
_________________
Desktop: Intel 945PSN Motherboard, 3.2Ghz P-IV "Prescott 2M", 2GB RAM, 500GB WD HDD, Windows 7
Back to top
View user's profile Send private message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Mon 14 Jan 2013, 20:51    Post subject:  

bark_bark_bark wrote:
even with the new update, a lot of security bugs remain.


..and will continue if you're stupid enough to go to unfamiliar sites with a web browser that has a plugin that allows applets to be run by the external site. Fortunately, HomeLand security is here to protect your personal identification from being compromised (unless they need it).
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10936
Location: Arizona USA

PostPosted: Mon 14 Jan 2013, 23:24    Post subject:  

Didn't Oracle claim to own some of the code used by Linux, and threaten to sue anyone using Linux for using "their" code? These guys don't seem to know much about anything.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 2 [28 Posts]   Goto page: 1, 2 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0863s ][ Queries: 13 (0.0047s) ][ GZIP on ]