Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 30 Oct 2014, 15:01
All times are UTC - 4
 Forum index » Off-Topic Area » Security
JRE / JDK Security Thread
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 2 of 3 Posts_count   Goto page: Previous 1, 2, 3 Next
Author Message
James C


Joined: 26 Mar 2009
Posts: 5890
Location: Kentucky

PostPosted: Sat 19 Jan 2013, 19:56    Post_subject:  

http://feedproxy.google.com/~r/cnet/tcoc/~3/_YqiGvBFNTI/

Quote:
"The default security level for Java applets and web start applications has been increased from 'medium' to 'high," Oracle said in an advisory today. "This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the 'high' setting the user is always warned before any unsigned application is run to prevent silent exploitation."

The vulnerability was being exploited by a zero-day Trojan horse called Mal/JavaJar-B, which was already identified as attacking Windows, Linux and Unix systems and being distributed in exploit kits "Blackhole" and "NuclearPack," making it far more convenient to attackers.
Back to top
View user's profile Send_private_message 
gcmartin

Joined: 14 Oct 2005
Posts: 4379
Location: Earth

PostPosted: Sat 19 Jan 2013, 20:02    Post_subject:  

Quote:
... I know there are some who advocate still running java v6 ...
Yeah. Seems I seen several references that indicates HMS is about V7.

By not including a V6 reference in the OP, one could surmise that the OP is about all JAVA . Or further by not including you leave all JAVA open to suspect. I don't think you intended that, though.

You be the judge.

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
Back to top
View user's profile Send_private_message 
Q5sys


Joined: 11 Dec 2008
Posts: 1073

PostPosted: Sat 19 Jan 2013, 20:08    Post_subject:  

gcmartin wrote:
Quote:
... I know there are some who advocate still running java v6 ...
Yeah. Seems I seen several references that indicates HMS is about V7.

By not including a V6 reference in the OP, one could surmise that the OP is about all JAVA . Or further by not including you leave all JAVA open to suspect. I don't think you intended that, though.

You be the judge.


I'll add something about it. Dont know the best way to frame it though.

_________________



Back to top
View user's profile Send_private_message Visit_website 
James C


Joined: 26 Mar 2009
Posts: 5890
Location: Kentucky

PostPosted: Sat 19 Jan 2013, 20:09    Post_subject:  

http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/

Quote:
Java 6, which Oracle is still supporting for the time being, hasn't been vulnerable to most of the recent exploits, although security experts remain mixed on whether it is a more secure alternative to Java 7. Gowdiak said one of the vulnerabilities Security Explorations discovered this week works on both versions while the other works only on Java 7.
Back to top
View user's profile Send_private_message 
Q5sys


Joined: 11 Dec 2008
Posts: 1073

PostPosted: Sat 19 Jan 2013, 20:11    Post_subject:  

jpeps wrote:
Q5sys wrote:
... and on top of that... its unknown if some new exploits work against it.


No it isn't. There are no computer languages that can't be exploited. Bash can be exploited.

Quote:

I know there are some who advocate still running java v6, but that's not necessarily the best choice for people...


Java is running on a few billion devices. Now that you've informed us, I'm sure everyone will proceed to delete it. Thanks for sharing.


You are taking this WAY out of context. I create a simple informative thread, that people can use to check to see if they are using the most up-to-date java version and if there are known exploits that have not been patched.
And you exaggerate to the point of sarcasm suggesting advocating java be deleted.

Can you not have an intelligent discussion about this? You have stated 'facts' which are in fact wrong. Then you take a mindset, which NO ONE HERE has had, and sarcastically comment about deleting Java from a computer.
I have not once advocated that people delete java. I dont know of anyone else who has either. If you can point to where people have suggested that on this forum, please link to that. Or is this another wild unsubstantiated argument? Or are you simply trolling this thread with wild comments because you have nothing better to do?

_________________



Back to top
View user's profile Send_private_message Visit_website 
Q5sys


Joined: 11 Dec 2008
Posts: 1073

PostPosted: Sat 19 Jan 2013, 20:17    Post_subject:  

James C wrote:
http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/

Quote:
Java 6, which Oracle is still supporting for the time being, hasn't been vulnerable to most of the recent exploits, although security experts remain mixed on whether it is a more secure alternative to Java 7. Gowdiak said one of the vulnerabilities Security Explorations discovered this week works on both versions while the other works only on Java 7.


Added section about Legacy 6u38 release in first post. It appears the bug that didnt get patched is the one that only affects v7.

_________________



Back to top
View user's profile Send_private_message Visit_website 
8-bit


Joined: 03 Apr 2007
Posts: 3387
Location: Oregon

PostPosted: Sat 19 Jan 2013, 21:49    Post_subject:  

From what I have read so far on the net, javascript is not prone to the security risks that java 7 is.
Also installing an earlier version of java is not the answer as they also had security problems.
Back to top
View user's profile Send_private_message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Sat 19 Jan 2013, 22:37    Post_subject:  

8-bit wrote:
From what I have read so far on the net, javascript is not prone to the security risks that java 7 is.
Also installing an earlier version of java is not the answer as they also had security problems.


When was the last time you needed a java plugin?
Back to top
View user's profile Send_private_message 
8-bit


Joined: 03 Apr 2007
Posts: 3387
Location: Oregon

PostPosted: Sun 20 Jan 2013, 23:24    Post_subject:  

In the versions of Puppy I run with Seamonkey as the browser, I have looked and I can find JavaScript, but not Java.
So, does that mean that to have Java (full), one needs to install it?
I run Seamonkey and have never missed not having Java as JavaScript seems to handle most everything.

If I am wrong, please correct me.
Back to top
View user's profile Send_private_message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Mon 21 Jan 2013, 00:11    Post_subject:  

8-bit wrote:
In the versions of Puppy I run with Seamonkey as the browser, I have looked and I can find JavaScript, but not Java.
So, does that mean that to have Java (full), one needs to install it?
I run Seamonkey and have never missed not having Java as JavaScript seems to handle most everything.

If I am wrong, please correct me.


I thought you asked that in another thread; they're two different things with similar names. Web developers generally stopped using Java years ago. It's being used for other purposes. Javascript is an interpreted language coded into the web page; Java is a compiled language that runs applets on computers that have the JRE installed. Many developers switched to Flash (since the user doesn't have to have any preloaded software). I don't know if anyone has a linux browser that loads a java plugin; Firefox certainly doesn't and mozilla blocks java. * I just tested a chrome browser...plugins are only available for windows and mac.


Yes, you'd have to install it. I installed updated binaries as an SFS. Why? Because I can run very complex accounting software, etc., statically....everything works everywhere. Java used to be slow, but both computers and the JRE have improved, so that's no longer an issue. I expect that process to continue. Security? Well, if you get computer viruses that can run your java software, that wouldn't be very good. Systems like puppy are the most ideal, because getting viruses are rare (never heard of it) in addition to offering plenty of protections. So you can have the best of both worlds.
Back to top
View user's profile Send_private_message 
Q5sys


Joined: 11 Dec 2008
Posts: 1073

PostPosted: Sat 02 Feb 2013, 10:53    Post_subject:  

Updated
_________________



Back to top
View user's profile Send_private_message Visit_website 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Sat 02 Feb 2013, 12:44    Post_subject:  

Q5sys wrote:
Updated


I'm guessing that it's extremely unlikely that Oracle could prevent all exploits without completely rewriting the entire language from scratch....and perhaps not even then.

Notice how numerous exploits in Chrome were produced by teenagers when a cash reward was offered.

Personally, I'll continue to use Java for apps without any Java browser plugins (if any are available to begin with).
Back to top
View user's profile Send_private_message 
amigo

Joined: 02 Apr 2007
Posts: 2263

PostPosted: Sat 02 Feb 2013, 14:26    Post_subject:  

javascript is completely unrelated to java -it's just an unfortunate mistake in naming...
Back to top
View user's profile Send_private_message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Sat 02 Feb 2013, 14:30    Post_subject:  

amigo wrote:
javascript is completely unrelated to java -it's just an unfortunate mistake in naming...


Nobody was talking about javascript...we're updating the jre
Back to top
View user's profile Send_private_message 
Semme

Joined: 07 Aug 2011
Posts: 3978
Location: World_Hub

PostPosted: Fri 15 Feb 2013, 22:43    Post_subject:  

Does the symlink exist- yes or no? Maybe check Shinobars`instructions..
Makoto wrote:
I only install TheAsterisk!'s SFS versions of the JRE - no idea whether or not it creates that symlink. Wouldn't it have a bearing on the Mozilla Plugin Check page, too, though? You'd think that if the Mozilla page can find it, the Java page would...

This with the Asterisk!s`jre-1.7u13-i586.sfs loaded. NO problem..
verify-your-settings.jpg
 Description   
 Filesize   10.98 KB
 Viewed   173 Time(s)

verify-your-settings.jpg

Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 2 of 3 Posts_count   Goto page: Previous 1, 2, 3 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0990s ][ Queries: 13 (0.0131s) ][ GZIP on ]