 |
Puppy Linux Discussion Forum Puppy HOME page : puppylinux.com "THE" alternative forum : puppylinux.info
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in|
The time now is Sun 09 Mar 2014, 13:21 All times are UTC - 4 |
 Forum index » Off-Topic Area » Security |
|
Java security
|
 
|
View_previous_topic :: View_next_topic |
| Page 1 of 2 Posts_count | Goto page: 1, 2 Next |
| Author | Message | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Wognath
Joined: 19 Apr 2009 Posts: 146 |
Hello, The recent news about Java http://www.npr.org/blogs/thetwo-way/2013/01/11/169156325/computer-users-should-disable-java-7-due-to-security-flaw-experts-say got my attention since I do banking online using Puppy, and my bank sites require Java. I don’t know much about Java. While I’m waiting for Oracle to respond to this, I’m hoping the Puppy community (never lacking for strong opinions!) can educate me. Is Firefox with NoScript adequate protection against this problem, provided I only allow scripts from sites I visit? Is it sufficient to disable Java in the browser or should Java be deleted from the machine? (in windows, for example) Do java scripts go away when the browser is closed, or is there the potential for the script to leave malware on the computer? Thanks. |
|||||||||||||
|
||||||||||||||
 |
||||||||||||||
|
Semme
Joined: 07 Aug 2011 Posts: 2978 Location: World_Hub |
Not to worry.. Java and JavaScript are entirely different. Fact is, most people don't realize this.. |
|||||||||||||
|
||||||||||||||
|
||||||||||||||
|
Wognath
Joined: 19 Apr 2009 Posts: 146 |
Thanks, Semme. I certainly didn't know that. With javascripts enabled, but with no Java on my machine, I can still do most of what I need to do. It makes me wonder how often that 137Mb Java folder was actually used! |
|||||||||||||
|
||||||||||||||
|
||||||||||||||
|
jpeps
Joined: 31 May 2008 Posts: 3120 |
This issue is the java plugin for your browser. Firefox 18.0 doesn't even support it to begin with, so there's no problem. That 137 M Java folder could be replaced by an SFS. The reason you're wondering is because very few puppy users know how to use it. |
|||||||||||||
|
||||||||||||||
|
||||||||||||||
|
Wognath
Joined: 19 Apr 2009 Posts: 146 |
OK, I was wrong when I thought I was beginning to understand. What, if anything, does that plugin do after Java is deleted? Is it just an interface between Mozilla and Java?
Mine is (was) a folder in the home directory, with symlink to library in /lib/mozilla. |
|||||||||||||
|
||||||||||||||
|
||||||||||||||
|
jpeps
Joined: 31 May 2008 Posts: 3120 |
The plugin requires JRE to run, but again, the issue is only the plugin for browsers that support it to begin with. Oracle will no doubt provide a fix. Leave it to HomeLand Security to supply guidelines. Perhaps people should throw away their smart phones too. Like we've never had a browser vulnerability before. Probably the greatest threat to your personal info is HomeLand Security. edit: I have firefox on a windows computer with the vulnerable java plugin. There's a notice that it's been blocked by mozilla since Aug 31, 2012 !! |
|||||||||||||
|
||||||||||||||
|
||||||||||||||
James C
 Joined: 26 Mar 2009 Posts: 5327 Location: Kentucky |
Oracle Corp to fix Java security flaw "shortly"..... http://www.reuters.com/article/2013/01/12/us-usa-java-security-idUSBRE90B0EX20130112
|
|||||||||||||
|
||||||||||||||
|
||||||||||||||
|
James C
Joined: 26 Mar 2009 Posts: 5327 Location: Kentucky |
Mozilla is getting the message across here ..... 
|
|||||||||||||
|
||||||||||||||
|
||||||||||||||
|
jpeps
Joined: 31 May 2008 Posts: 3120 |
Yeah...the plugin has been blocked since August 31, 2012 (read the "more information"). Hardly new information; maybe new for "Homeland Security". Edited_time_total |
|||||||||||||
|
||||||||||||||
|
||||||||||||||
|
bark_bark_bark
Joined: 05 Jun 2012 Posts: 667 Location: USA |
Isn't that a good thing that they're blocking Java. _________________ Desktop: Intel 945PSN Board, 3.2Ghz P-IV "Prescott 2M", 2GB RAM, 160GB WD HDD (IDE connected as SATA), Slackware 14.1, LMDE, Akita Beta 16 and Puppy Arcade 11 Netbook: Acer AOD257 with 2GB upgrade, Slackware 14.1 and LMDE |
|||||||||||||
|
||||||||||||||
|
||||||||||||||
|
jpeps
Joined: 31 May 2008 Posts: 3120 |
Years ago it was probably considered a cool idea to be able to run little programs through your browser. Now we have malicious code in even in graphics. Why would you want to allow some external site to be able to run programs on your machine through your browser? Note that there's a "disable" button on all your plugins. Better yet...use a text browser whenever possible (links2 includes wonderful graphics). |
|||||||||||||
|
||||||||||||||
|
||||||||||||||
Monsie
 Joined: 01 Dec 2011 Posts: 633 Location: Kamloops BC Canada |
Unfortunately, this story has dragged on for weeks and months.... It was just a matter of time before this story came to light again. As I noted in this thread here Oracle has known about many of the security flaws for a long time, and still has about fifty or so known issues to fix since its last update. Now that one or more flaws are being actively exploited, hopefully, the good news is that it may push Oracle to finish its patchwork sooner than later... Monsie _________________ My username is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school. |
|||||||||||||
|
||||||||||||||
|
||||||||||||||
|
bark_bark_bark
Joined: 05 Jun 2012 Posts: 667 Location: USA |
even with the new update, a lot of security bugs remain. _________________ Desktop: Intel 945PSN Board, 3.2Ghz P-IV "Prescott 2M", 2GB RAM, 160GB WD HDD (IDE connected as SATA), Slackware 14.1, LMDE, Akita Beta 16 and Puppy Arcade 11 Netbook: Acer AOD257 with 2GB upgrade, Slackware 14.1 and LMDE |
|||||||||||||
|
||||||||||||||
|
||||||||||||||
|
jpeps
Joined: 31 May 2008 Posts: 3120 |
..and will continue if you're stupid enough to go to unfamiliar sites with a web browser that has a plugin that allows applets to be run by the external site. Fortunately, HomeLand security is here to protect your personal identification from being compromised (unless they need it). |
|||||||||||||
|
||||||||||||||
|
||||||||||||||
|
Flash
Official Dog Handler  Joined: 04 May 2005 Posts: 10561 Location: Arizona USA |
Didn't Oracle claim to own some of the code used by Linux, and threaten to sue anyone using Linux for using "their" code? These guys don't seem to know much about anything. |
|||||||||||||
|
||||||||||||||
|
||||||||||||||
Java security
| Page 1 of 2 Posts_count | Goto page: 1, 2 Next |
|
|
View_previous_topic :: View_next_topic |
|
Forum index » Off-Topic Area » Security |
Rules_post_cannot Rules_reply_cannot Rules_edit_cannot Rules_delete_cannot Rules_vote_cannot You cannot attach files in this forum You can download files in this forum |
Powered by phpBB © 2001, 2005 phpBB Group