flat assembler
Message board for the users of flat assembler.

Index > Heap > Firefox planing disabling JAVA because of the BEAST

Author
Thread Post new topic Reply to topic
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
http://thehackernews.com/2011/09/firefox-java-update-ready-to-stop-beast.html


Quote:

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework.


here an explanation of what is BEAST
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
Post 29 Sep 2011, 22:37
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
Ooooooooooooo Noes, No More Drive By's

Sad

Meanwhile somewhere in USA, Medina, Washington. That guy we call Gates, is seating on his couch rubbing his hands together, leaning forward his PC with his tongue sticking out, like this " Razz ".

1 For M$, 0 For Mozilla.

Anyways, as you can see below. I use a FireFox addon to disable all that stuff.
Image
Post 30 Sep 2011, 02:12
View user's profile Send private message Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
This is not a FireFox problem, it's Oracle's fault. (ex Sun Microsystems)
Post 30 Sep 2011, 04:45
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
yes it is. how come IE or chrome haven't said anything yet. and i'm pretty sure the guys who tested it also tried on those two latter browsers.
Post 30 Sep 2011, 13:30
View user's profile Send private message Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
No, iexplorer and chrome consider this a minor security problem. Iexplorer recomend to use tsl 1.1 and not tsl 1.0
Post 30 Sep 2011, 14:23
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8865
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
i use firefox noscript add-ons,
JAVA? orphan child soon or ...
Post 30 Sep 2011, 17:46
View user's profile Send private message Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
what i don´t understand is that in the articles, they mix java and javascript as they where the same thing :S
Post 30 Sep 2011, 19:40
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
Enko wrote:
No, iexplorer and chrome consider this a minor security problem. Iexplorer recomend to use tsl 1.1 and not tsl 1.0

If it is minor to them (IE and Chrome) and major to FireFox that means FireFox has a problem... Wink
Post 30 Sep 2011, 21:50
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
typedef wrote:
Enko wrote:
No, iexplorer and chrome consider this a minor security problem. Iexplorer recomend to use tsl 1.1 and not tsl 1.0

If it is minor to them (IE and Chrome) and major to FireFox that means FireFox has a problem... Wink
It's probably more an issue of "that's a bug in 3rd party code, not in our browser". Of course both IE and Chrome try to sandbox stuff, and are somewhat efficient about it, but still...

While Java has a lot of use on the server side, and while I think it's a pretty decent platform (probably with more good parts than bad parts Razz), the only reason I have Java client-side in my browser is for web banking purposes. I'm seriously considering moving that to an isolated virtual machine for only that purpose, and disable the Java plugin in my browser.

_________________
Image - carpe noctem
Post 02 Oct 2011, 19:09
View user's profile Send private message Visit poster's website Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
f0dder wrote:

the only reason I have Java client-side in my browser is for web banking purposes.


Razz

Hehehe,, Twisted Evil
Post 03 Oct 2011, 01:07
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.