Menu
What's new

Hacker news from Homeland security!

P

Paul Downes

Member
Messages
959
Location
Westphalia, Michigan
Heard on the local news tonight that the Department of Homeland Security is warning everyone to disable Java in their web browser. It seems Hackers have found a flaw and are using it to get personal information.
 
Thanks Paul, found the link on the us-cert site too.

http://www.us-cert.gov/cas/techalerts/TA13-010A.html

There is a list of how-to disable in this doc for various browsers.

http://nakedsecurity.sophos.com/2012/08/30/how-turn-off-java-browser/

Can also go to Start>>Control Panel>>Java, then go to the security tab and uncheck the option to enable it in browsers, save, and restart your browsers to take effect. If you don't see the java option, click in the search box and type Java and it should come up if you have it installed, if not you've got nothing to worry about. :wave:
 
Yup heard about it and took the neccessary action pretty quick. Poor Oracle. To get singles out like this. There has been security flaws in every bit of software written. They get fixed by patches but my concern here would be the way this has been sold through the media that many will not bother to dig and read through the detail, it will be either do nothing or dump the whole lot. Sad I wonder why it had to go this way but i aint spending more time on checking why?

The stakes are really getting high in a corporation when it comes to a mistake. Punishing mistakes leads to a total lack of innovation. Thats my argument and i am sticking to it. :D
 
Java was born with flaws. We even make purchase decisions on software at work based on whether java is required or not. Oops, sorry, knee-jerk reaction :D. Seriously, I only enable it as required and then disable it. I choose very carefully if what I want to do is worth turning it on. Sorry Java; not picking on you. You are not alone in this respect when it comes to my computing habits.

If you just keep this simple phrase in mind all your computing days will be filled with joy: "The internet is not an amusement park, it is the gateway to Cocytus, the ninth circle of HELL". Have fun.
 
Last edited:
Could this explain why I had a bad computer virus last summer and had to have my hard drive reformatted and why I had unauthorized charges on my debit card, this last month? Had to get a new debit card. I noticed $30 worth of unauthorized charges on 12/26 and immediately notified the bank. Got a new card. Since than the back has told me there have been over $2000 worth of charges attempted against my old care.
 
Paul Douglass said:
Could this explain why I had a bad computer virus last summer and had to have my hard drive reformatted and why I had unauthorized charges on my debit card, this last month? Had to get a new debit card. I noticed $30 worth of unauthorized charges on 12/26 and immediately notified the bank. Got a new card. Since than the back has told me there have been over $2000 worth of charges attempted against my old care.
Click to expand...

It's possible, but almost wish the odds of winning the lottery was as good of chances of getting a virus or malware.

Always have to ask yourself what else are you doing to protect your computer? What virus software and malware protection are you running? What are your habits in regards to opening emails from folks you don't know or opening unexpected attachments from anyone? Do you play games on social sites, like fb or google+?

I also keep a separate free bank account with it's own debit card for internet purchases. At least if it gets hit, it will minimize the amount they can take and always have the dispute process to get that back.
 
You are correct Darren, I really think I got the virus from a game my Grandson down loaded when he was visiting. I don't do games. On advice from my bank I don't purchase on the internet with my debit card any more. I use a credit card so they don't have access to my bank account.

I did get credit for the unauthorized purchases, it just was an inconvenience.
 
If I disable java then I can't even access videos posted on here or other woodworking sites that were originally posted on YouTube. Is there another program that will let me do that?
 
Alan Bienlein said:
If I disable java then I can't even access videos posted on here or other woodworking sites that were originally posted on YouTube. Is there another program that will let me do that?
Click to expand...

I think you're thinking of Adobe Flash, that is what many of the video players use. You don't have to uninstall Java, but probably easier for many and it's not used in a lot of mainstream programs you'd run on Windows or Mac, just need to disable it in any of your browsers you use.
 
Darren Wright said:
I think you're thinking of Adobe Flash, that is what many of the video players use. You don't have to uninstall Java, but probably easier for many and it's not used in a lot of mainstream programs you'd run on Windows or Mac, just need to disable it in any of your browsers you use.
Click to expand...

No if I disable java I can no longer sign in to you tube or play the videos. Disabling adobe flash has no affect on the you tube videos playing.
 
Alan Bienlein said:
No if I disable java I can no longer sign in to you tube or play the videos. Disabling adobe flash has no affect on the you tube videos playing.
Click to expand...

Are you using Windows or mac?

What browser are you using?

You're not confusing Javascript with Java right? They are named similar, but are two different things.

Let me know, will be happy to help troubleshoot. :wave:
 
I'm using windows.

Google chrome but it does the same thing in Firefox

Good question? In programs it list Java 7 update 7 (64-bit)
Java 7 update 9
JavaFX 2.1.1

Do I need to go to the java control panel?

In setting in Google Chrome I typed Java in the search box and it had me go to content settings and it only list Javascript.

Which one do I need to disable and how?
 
Alan Bienlein said:
I'm using windows.

Google chrome but it does the same thing in Firefox

Good question? In programs it list Java 7 update 7 (64-bit)
Java 7 update 9
JavaFX 2.1.1

Do I need to go to the java control panel?

In setting in Google Chrome I typed Java in the search box and it had me go to content settings and it only list Javascript.

Which one do I need to disable and how?
Click to expand...


Yeah, go to the control panel, open the java icon or do a search for it there if you don't see it, once the dialog opens, click the about button to view the version. They said this flaw affects 7 update 10, so if it is that version, then click the security tab and disable it in browsers. If it's not that version I think you're OK.
 
I use Chrome and in order to access your plug-in's, including Java, you type //chrome/plugins in your address bar. It will list all your plug-ins loaded on chrome, giving you the ability to disable or enable. My Java was not Java 7, so I have left it alone.
 
Darren Wright said:
Yeah, go to the control panel, open the java icon or do a search for it there if you don't see it, once the dialog opens, click the about button to view the version. They said this flaw affects 7 update 10, so if it is that version, then click the security tab and disable it in browsers. If it's not that version I think you're OK.
Click to expand...

When I open the control panel and go to the security tab all it shows is a button for certificates. It looks nothing like the one on the java help page for disabling where it has a box to uncheck for enabling java content in browsers and a tab you can move for security levels. Here is what it says ( Starting with Java Version 7 Update 10, a new security feature has been added to Java. Some web pages may include content or apps that use the Java plug-in, and these can now be disabled using a single option in the Java Control Panel.)

I don't even have the update button it shows on the control panel. This is from the java website.
enable_java.jpg
 
In Google chrome I have 2 plugins for java.

This one is disabled
Java(TM) (2 files) - Version: 10.7.2.10
NPRuntime Script Plug-in Library for Java(TM) Deploy
Name: Java(TM) Platform SE 7 U9
Description: Next Generation Java Plug-in 10.9.2 for Mozilla browsers
Version: 10.9.2.05


And this one is enabled
Name: Java Deployment Toolkit 7.0.70.10
Description: NPRuntime Script Plug-in Library for Java(TM) Deploy
Version: 10.7.2.10

If I only disable the first one youtube works fine. If I only disable the second one youtube will not work. Also if I disable both youtube will not work.
 
Alan Bienlein said:
In Google chrome I have 2 plugins for java.

This one is disabled
Java(TM) (2 files) - Version: 10.7.2.10
NPRuntime Script Plug-in Library for Java(TM) Deploy
Name: Java(TM) Platform SE 7 U9
Description: Next Generation Java Plug-in 10.9.2 for Mozilla browsers
Version: 10.9.2.05


And this one is enabled
Name: Java Deployment Toolkit 7.0.70.10
Description: NPRuntime Script Plug-in Library for Java(TM) Deploy
Version: 10.7.2.10

If I only disable the first one youtube works fine. If I only disable the second one youtube will not work. Also if I disable both youtube will not work.
Click to expand...

Strange, I had disable them both and had no problem running youtube. I am afraid that is the extent of my ability to help. Darren is your best bet.
 
You must log in or register to reply here.
Top