flat assembler
Message board for the users of flat assembler.

Index > Heap > haven't heard the news? please disable your JAVA

Goto page 1, 2  Next
Author
Thread Post new topic Reply to topic
sleepsleep



Joined: 05 Oct 2006
Posts: 8903
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
just in case we got fasmer who just wake up,
it is all over the news,
please disable your JAVA Laughing

http://www.kb.cert.org/vuls/id/625617

Quote:

Java 7 Update 10 and earlier Java 7 versions contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Post 13 Jan 2013, 14:15
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
sleepsleep wrote:
haven't heard the news?

Yep.

sleepsleep wrote:
please disable your JAVA

I haven't needed it in years so it was never installed to begin with.
Post 13 Jan 2013, 14:58
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8903
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
ManOfSteel wrote:

I haven't needed it in years so it was never installed to begin with.

Laughing
sure oracle loves this free marketing !!

maybe one day we would get a dot net bug, and we got billions of computer unsecured because they got dot net =)
Post 13 Jan 2013, 15:14
View user's profile Send private message Reply with quote
JohnFound



Joined: 16 Jun 2003
Posts: 3500
Location: Bulgaria
JohnFound
I removed Java and .NET long time ago. And I never missed them. Smile
Post 13 Jan 2013, 15:33
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
I'm doing android development on my day to day laptop.

I never wanted JAVA anymore but I guess that's another reason for getting another computer for development only. Not internet connection.

But hell. It has to be enabled through the browser or running in order for that exploit to work.
Post 13 Jan 2013, 15:50
View user's profile Send private message Reply with quote
TmX



Joined: 02 Mar 2006
Posts: 821
Location: Jakarta, Indonesia
TmX
Quote:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\CSL-NB-064>java -version
java version "1.7.0_09"
Java(TM) SE Runtime Environment (build 1.7.0_09-b05)
Java HotSpot(TM) Client VM (build 23.5-b02, mixed mode, sharing)


Whopps. Time to get an update, then.
Post 13 Jan 2013, 16:06
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
Maybe soon they'll add Android support to this site : https://cloud-ide.com/. Then I could just log in and do my projects there.

But then again, there's that issue of trusting the Cloud.
Post 13 Jan 2013, 16:30
View user's profile Send private message Reply with quote
TmX



Joined: 02 Mar 2006
Posts: 821
Location: Jakarta, Indonesia
TmX
typedef wrote:
I'm doing android development on my day to day laptop.


If you don't want java for android development, try monodroid or free pascal

I use java mostly for BlackBerry development, and fortunately (or unfortunately??) RIM dumps Java out of the new BlackBerry 10 OS. Now C++ is used.
Post 13 Jan 2013, 16:56
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
TmX wrote:
typedef wrote:
I'm doing android development on my day to day laptop.


If you don't want java for android development, try monodroid or free pascal

I use java mostly for BlackBerry development, and fortunately (or unfortunately??) RIM dumps Java out of the new BlackBerry 10 OS. Now C++ is used.


Monodroid seems to be praised a lot. But $399. Lol. I know it's worth a try but meh.. tpb.org Rolling Eyes

The Free Pascal has too much stuff to fiddle with. Maybe Embarcadero will add an Android plugin to Delphi but until then I can only anticipate or pirate or continue on with shitty JAVA.
Post 13 Jan 2013, 17:11
View user's profile Send private message Reply with quote
Coty



Joined: 17 May 2010
Posts: 546
Location: ␀
Coty
^ Maybe you should try a different blend?

As a java guy myself, there is no way I can possibly disable java...

Tell you what, don't surf so much porn and keygens, and it won't be such a problem Razz

If you really need your fix, get a playboy subscription or something, and try well known open source alternatives.

typedef wrote:
Maybe soon they'll add Android support to this site : https://cloud-ide.com/. Then I could just log in and do my projects there.

But then again, there's that issue of trusting the Cloud.


You should try my JAVA based cloud, ps you need java7 to run it Laughing
Post 14 Jan 2013, 05:58
View user's profile Send private message Send e-mail Visit poster's website AIM Address Reply with quote
TmX



Joined: 02 Mar 2006
Posts: 821
Location: Jakarta, Indonesia
TmX
This morning, I downloaded the Java 7 Update 10 (at home).
After arrived at the office, got a notification that Update 11 was already available.

Laughing
Post 14 Jan 2013, 06:03
View user's profile Send private message Reply with quote
OzzY



Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere
OzzY
TmX wrote:
typedef wrote:
I'm doing android development on my day to day laptop.


If you don't want java for android development, try monodroid or free pascal

I use java mostly for BlackBerry development, and fortunately (or unfortunately??) RIM dumps Java out of the new BlackBerry 10 OS. Now C++ is used.


You still need Java installed if you're using Free Pascal. Probably monodroid requires it too.

Because you have to install the SDK, and it requires Java. Rolling Eyes
Post 14 Jan 2013, 16:02
View user's profile Send private message Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1180
Location: Unknown
HaHaAnonymous
[ Post removed by author. ]


Last edited by HaHaAnonymous on 28 Feb 2015, 21:59; edited 1 time in total
Post 14 Jan 2013, 16:38
View user's profile Send private message Reply with quote
Spool



Joined: 08 Jan 2013
Posts: 154
Spool
[ Post removed by author. ]


Last edited by Spool on 17 Mar 2013, 03:50; edited 1 time in total
Post 14 Jan 2013, 16:44
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
HaHaAnonymous wrote:
I don't care. Anyone can play on my computer through SSH or bugged "JAVA". I have nothing to hide.

Yep, someone could zombify your Internet-connected machine and use it as a hub in a worldwide pedophile ring. What's not to like! Rolling Eyes

In other news, experts warn flaws may take 2 years to fix.
Post 14 Jan 2013, 19:31
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
First: having the JDK and/or the JRE installed isn't really a problem. It's the Java Browser plugin that's problematic. If you need it, disable it in your main browser and start a secondary browser with it for those few sites where you need Java - and do the same for flash, while you're at it.

Second:
Coty wrote:
Tell you what, don't surf so much porn and keygens, and it won't be such a problem Razz

All it takes is one hacked legitimate server (or a banner server), and you're toast. You don't need to be visiting seedy parts of the internet.

I personally have FireFox (with AdBlockPlus, NoScript, Ghostery and Certificate Patrol) for my main browser, without any of Java, Flash or AdobePDF plugins. When I need flash, I fire up Chrome. When I need Java, I fire up a Linux virtual machine with FireFox (same addons there) for that specific site.

_________________
Image - carpe noctem
Post 14 Jan 2013, 20:24
View user's profile Send private message Visit poster's website Reply with quote
Picnic



Joined: 05 May 2007
Posts: 1288
Location: behind the arc
Picnic
^^I also use adBlock quite some time now (years actually). I can't imagine surfing without it.
Post 14 Jan 2013, 20:50
View user's profile Send private message Reply with quote
Coty



Joined: 17 May 2010
Posts: 546
Location: ␀
Coty
f0dder wrote:

All it takes is one hacked legitimate server (or a banner server), and you're toast. You don't need to be visiting seedy parts of the internet.

I personally have FireFox (with AdBlockPlus, NoScript, Ghostery and Certificate Patrol) for my main browser, without any of Java, Flash or AdobePDF plugins. When I need flash, I fire up Chrome. When I need Java, I fire up a Linux virtual machine with FireFox (same addons there) for that specific site.


Chrome asks me if I want to run the java plug in everytime I visit a page with java. If I ever see my favorite boards ask me that I'll know something is up Smile Most websites I will tell it not to use it/ignore. I know, using it at all blah blah blah, If I lived in a bubble of paranoia, I'd be driven to insanity(even more so then now)!

As for flash, I don't really use it. I've pretty much been boycotting it forever.

See:
http://support.google.com/chrome/bin/answer.py?hl=en&answer=108086

I do, however, use pandora, which does use flash (unfortunately, but it saves me lot's of money from buying music, or risking viruses downloading music.), in this case IE home page is pandora, and that is the only place IE ever goes Wink
Post 15 Jan 2013, 04:41
View user's profile Send private message Send e-mail Visit poster's website AIM Address Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Coty: sounds like a reasonable way of doing things - Click2Play definitely helps protect against drivebys. Dunno if it's ever been broken... but Chromes sandboxing has, so at least theoretically it would be possible to escape sandbox, patch click2play memory (or just directly use Java plugin), and execute exploited Java code. Of course only makes sense if the sandbox escape and memory overwrite capabilities doesn't give you direct access to doing nefarious deeds, and it's such a roundabout way of doing things that it probably wouldn't make it's way into normal exploit kits, but would be something used by people targeting you explicitly.

Anyway, that was just thinking out loud Smile
Post 15 Jan 2013, 06:39
View user's profile Send private message Visit poster's website Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
Coty wrote:
Tell you what, don't surf so much porn and keygens, and it won't be such a problem

Meh, an old urban legend made to discourage people from visiting porn websites and using cracked warez.

The only websites I've *ever* seen using Java are "Youtube video grabbing" websites and websites with simulations and demos (physics, astronomy, biology, etc.)
Post 15 Jan 2013, 10:34
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.