Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Latest Java vulnerability - advice appreciated


  • Please log in to reply
7 replies to this topic

#1 n01paranoid

n01paranoid

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 PM

Posted 27 September 2012 - 02:24 PM

https://www.securityweek.com/newly-discovered-java-vulnerability-enables-bypass-security-sandbox

I just wondered what advice the folk here had regarding Java - disable, uninstall or do nothing. The problem is my email accounts and Lastpass, to name just a few, require Java enabled to function. Is there a workaround, or some other solution, to be able to continue to use them but avoid Java related security vulnerabilities.

BC AdBot (Login to Remove)

 


#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 913 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:07:52 PM

Posted 27 September 2012 - 03:24 PM

Hi,

You are probably confusing Java and JavaScript, two different things check this article.
Many sites will need JavaScript enable to work not Java, you can disable Java support on the web browser this will allow you to run java applications on your PC and will protect your computer from the recent java exploits been exploited on the web.

If you need java for some trusted sites enable java in one browser to access those sites and use other browser without java enable for every day use.

Edited by SleepyDude, 27 September 2012 - 03:25 PM.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU
___
Rui

 
 


#3 n01paranoid

n01paranoid
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 PM

Posted 29 September 2012 - 05:11 AM

Thanks a lot for the response, really appreciated. Articles I've read also mention a number of javascript vulnerabilities such as cross-site scripting which caused confusion on my part. Anyway, to be reasonably safe, I've uninstalled Java.

#4 SleepyDude

SleepyDude

  • Malware Response Team
  • 913 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:07:52 PM

Posted 29 September 2012 - 05:43 AM

Thanks a lot for the response, really appreciated. Articles I've read also mention a number of javascript vulnerabilities such as cross-site scripting which caused confusion on my part. Anyway, to be reasonably safe, I've uninstalled Java.


Yes its true JavaScript have also some security problems but if disabled it will brake many sites functionality.
If you use Firefox the NoScript extension can be used to enable javascript, java and flash only on certain sites you choose.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU
___
Rui

 
 


#5 n01paranoid

n01paranoid
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 PM

Posted 02 October 2012 - 10:03 AM

I used to use Chrome's NoScript equivalent, ScriptNo, but I found it a real pain having to go through each entry and work out the minimum that could be allowed for a site to function. In the end I just tended to allow everything which rather defeats the object of it. I've now decided to reenable it and put up with the inconvenience.

#6 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,165 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:02:52 PM

Posted 02 October 2012 - 08:26 PM

This is Oracle Java vulnerability and still not confirmed by Oracle. You do not have to use any Javascript blocking tool. Java and Javascript are two entirely different things.

How to disable Java in various browsers : http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse

If there is some Javascript vulnerability in Chrome, then usually it is patched withing a few days automatically via browser updates. Nothing to worry about.

#7 pauljoseph606

pauljoseph606

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:22 AM

Posted 10 November 2012 - 03:37 AM

Hi I am paul. From last 2 days my lap is working very slowly. I just run a scan on my lap and it shows more than 2000 threads and all of them are .exe files and and some other files. My antivirus is not able remove these threads. And some times it is suddenly restarting with out any notice. I have downloaded speedpcpro from www.cleanallvirus.com website and installed it and I run a scan with it. It is showing more than 3000 threads but it is also failed to delete it.

Any help would be appreciated...

#8 jburd1800

jburd1800

  • Members
  • 426 posts
  • OFFLINE
  •  
  • Local time:02:52 PM

Posted 10 November 2012 - 07:25 PM

Hi I am paul. From last 2 days my lap is working very slowly. I just run a scan on my lap and it shows more than 2000 threads and all of them are .exe files and and some other files. My antivirus is not able remove these threads. And some times it is suddenly restarting with out any notice. I have downloaded speedpcpro from www.cleanallvirus.com website and installed it and I run a scan with it. It is showing more than 3000 threads but it is also failed to delete it.

Any help would be appreciated...

You really need to start your own topic AII

“May the sun bring you new energy by day, may the moon softly restore you by night, may the rain wash away your worries, may the breeze blow new strength into your being, may you walk gently thorugh the world and know it's beauty all the days of your life.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users