Critical Java Vulnerability Discovered

[PoolsClosed 37]

[font=arial, helvetica, sans-serif]http://www.us-cert.gov/cas/techalerts/TA13-010A.html

Posting this here because Java applets using Java Network Launching Protocol (JNLP - like Wurm) are particularly at risk.

Time to stop using Java? Not sure about that.

Caution is still advised!

Your thoughts?

[Trencal 75]

My opinion?

Don't be stupid.

With some basic knowledge you can dodge almost all virus's and malware that comes your way.

Don't goto any site that seems suspicious, Don't randomly type things into the address bar to random sites, Use a anti-malware and such.

I'm not worrying about it.

People get infected more because they don't think and click randomly.

If you're really worried I would recommend getting Spybot S/D or MalwareBytes Anti-Malware for some protection.

Besides that, Its another bug thats just going around. Don't click on emails that you don't know, don't torrent things without alot of knowledge, etc.

EDIT: And Yes, Wurm is safe.

Edited January 12, 2013 by Trencal

[Shrimpiie 3,665]

Ad aware, AVG, and zonealarm also work wonders for me if you are concerned

[ago 470]

The exploit is in the java plugin and only affects applets. It does not affect java webstart applications or local java applications.

Disable the java plugin in the browser to be safe again.

With some basic knowledge you can dodge almost all virus's and malware that comes your way.

A good part of malware actually spreads because of exploits in applications. An unpatched flash player, acrobat reader or webbrowser is about as risky as clicking every odd email you receive. Even if you don't go to suspicous webistes you may remember the wurm website being hacked and used for malware delivery. The same happens to ad-servers all over the net and whenever you open a webiste that has those ads you are in danger of receiving the malware too.

So no matter how cautious you are, better disable the java plugin
/>http://nakedsecurity.sophos.com/2012/08/30/how-turn-off-java-browser/

[KyleBooze 451]

Heya PC, thanks for the warning

[Ecrir 887]

Yeah, just disable the java plugin of your browser to be safe, Wurm will still run fine if you do that. As ago said any site/ad can be hacked to spread malware, not clicking randomly doesn't make you immune to that. Even perfectly normal browsing can get you infected. Using an ad blocker or something like NoScript (if you are using firefox) is probably handy too, that reduces the risk of getting something.

Edited January 12, 2013 by Ecrir

[Tarec 1]

Yeah, this is a zero-day vulnerability so virus/malware scanners won't help you yet

The only thing that currently helps is to disable java in your browser...

[Aldur 651]

Every time webpage tries to run java in my browser, I have to manually allow it. That sounds safe enough, doesn't it? Chrome browser, by the way.

I'm not saying there is no security vulnerability, there probably is. What I have a problem with, is how most of these vulnerabilities are explained. For once, there is no information how severe code can be executed, it could be minor things for all we know. Secondary, the recommendation is to remove java, where clearly there are other ways to avoid the danger and preserve the plugin and environment.

That just smells like corporates looking for excuses to get rid of java, because it's just too damn good and free at the same time.

PS. And the vulnerability doesn't matter much for Wurm, unless the malicious code would come from the official website itself, the launcher link. Java is not the issue here, the nature of system running executables is. No matter how you bring Wurm to your comp, you must give it some permissions and the only shield you have is your system and it's av software.

Edited January 13, 2013 by Aldur

[whykillme 1,621]

Vulnerability number 23989023859023.. seriously it doens't matter lol, it will never be safe.

[Huserx 189]

Keep sensative info off your pc, backup regularly, change passwords regularly, do your best to reduce the damage. Like illnesses prevention is not immunity. It will happen just do your best to prevent and recover.

[Batolemaeus 181]

Don't be stupid.

With some basic knowledge you can dodge almost all virus's and malware that comes your way.

Don't goto any site that seems suspicious, Don't randomly type things into the address bar to random sites, Use a anti-malware and such.

Doesn't matter a single bit. These vulnerabilities tend to be exploited through compromised ad networks that are embedded by nearly every major site in the world.

The only way to be safe is to disable the plugin alltogether. You can be reasonably safe by allowing plugins only on demand. Your antivirus/antimalware is utterly useless against this sort of vulnerability.

[Ratina 6]

My opinion?

Don't be stupid.

With some basic knowledge you can dodge almost all virus's and malware that comes your way.

Don't goto any site that seems suspicious, Don't randomly type things into the address bar to random sites, Use a anti-malware and such.

I'm not worrying about it.

People get infected more because they don't think and click randomly.

If you're really worried I would recommend getting Spybot S/D or MalwareBytes Anti-Malware for some protection.

Besides that, Its another bug thats just going around. Don't click on emails that you don't know, don't torrent things without alot of knowledge, etc.

EDIT: And Yes, Wurm is safe.

This kind of a response from a CA bothers me, why would you respond to someone genuinely concerned about vulnerabilities in Java with "learn to fend for yourself?" Hardly seems appropriate, not to mention you don't have a very good idea what you're talking about either.

[Klaa 4,872]

At least they patched it in a relatively short time. Oracle has been a little slow in the past on other patches.

[Lulz 1]

Every system have vulnerabilities. At least Java patched this one up fast with their Version 7 Update 11 release.

By the way, for people who haven't updated yet: download it manually, as the Java auto updater usually doesn't work very quickly or well.

[phennexion 170]

Ad aware, AVG, and zonealarm also work wonders for me if you are concerned

scamware, bloatware, fakeware.

just get malwarebytes and save yourself a gig of ram lol

[Trencal 75]

This kind of a response from a CA bothers me, why would you respond to someone genuinely concerned about vulnerabilities in Java with "learn to fend for yourself?" Hardly seems appropriate, not to mention you don't have a very good idea what you're talking about either.

How so?

What is inappropriate about it?

Yes, there area ways that this vulnerability can be exploited, and yes there's always a possibility. But the use of java is insane, its used in an extremely large amount of applications that I use daily.

Its not as simple as don't use them to me.

I do agree, its a way to avoid it, he gives a good solution.

But I stated my opinion on it. That's all I did.

Don't have to jump down my throat about my opinion.

Sorry if I offended anyone with it.....

Edited January 15, 2013 by Trencal

[Batolemaeus 181]

How so?

What is inappropriate about it?

[...]

But I stated my opinion on it. That's all I did.

Don't have to jump down my throat about my opinion.

It's not your "opinion". You stated something that is factually wrong and very dangerous if followed by people. Drive-by downloads via zero-day vulnerabilities are extremely dangerous and are not prevented by any kind of "anti-virus" software.

Don't get all defensive about your "opinion" when you get called out on giving dangerous advice.