Jump to content


Welcome to DBSTalk


Sign In 

Create Account
Welcome to DBSTalk. Our community covers all aspects of video delivery solutions including: Direct Broadcast Satellite (DBS), Cable Television, and Internet Protocol Television (IPTV). We also have forums to discuss popular television programs, home theater equipment, and internet streaming service providers. Members of our community include experts who can help you solve technical problems, industry professionals, company representatives, and novices who are here to learn.

Like most online communities you must register to view or post in our community. Sign-up is a free and simple process that requires minimal information. Be a part of our community by signing in or creating an account. The Digital Bit Stream starts here!
  • Reply to existing topics or start a discussion of your own
  • Subscribe to topics and forums and get email updates
  • Send private personal messages (PM) to other forum members
  • Customize your profile page and make new friends
 
Guest Message by DevFuse

Photo

US-CERT: Disable Java


  • Please log in to reply
57 replies to this topic

#51 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • DBSTalk Club
  • 14,200 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 28 January 2013 - 01:14 PM

Shocking, even set to very high in update 11, which does not allow unsigned apps to run, an unsigned app can run using a vulnerability:

http://seclists.org/...re/2013/Jan/241

...Ads Help To Support This Site...

#52 OFFLINE   satcrazy

satcrazy

    Icon

  • Registered
  • 867 posts
  • LocationGreat lakes, NW Pa.
Joined: Mar 15, 2011

Posted 30 January 2013 - 07:31 PM

Is it more vunerable in IE than Firefox?

It isn't looking like I'm going to re-install soon.:eek2:

#53 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • DBSTalk Club
  • 14,200 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 30 January 2013 - 09:01 PM

Java is not safe in any browser.

I also found Oracle has a head of Java security. I hope he was recently hired.

#54 OFFLINE   satcrazy

satcrazy

    Icon

  • Registered
  • 867 posts
  • LocationGreat lakes, NW Pa.
Joined: Mar 15, 2011

Posted 30 January 2013 - 09:10 PM

O.K.

So you can install it for use outside of your browser, just disable it in the browser[s] then?

#55 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • DBSTalk Club
  • 14,200 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 30 January 2013 - 09:19 PM

Right, if you have apps that use it, like Minecraft, gotomeeting, etc. otherwise, don't bother with it at all.

Ok, I guess if you had to choose, Firefox would be safer with Click to Play. However, a lot of people will just click it without considering the ramifications. Plus, is it possible that there is a security hole that bypasses that? I'm still not going to risk it.

Edited by dpeters11, 31 January 2013 - 07:54 AM.


#56 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • DBSTalk Club
  • 14,200 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 01 February 2013 - 02:19 PM

Java 7 update 13 is available, they skipped 12. Update if you have an older Java 7. Don't use Java if you don't need it :)

Also, I'm going to give the head of Java security a pass. He was hired by Oracle in August. We'll give him a few months to correct 7+ years of issues.

#57 OFFLINE   phrelin

phrelin

    Hall Of Fame

  • Registered
  • 13,676 posts
  • LocationNorthern California Redwoods
Joined: Jan 18, 2007

Posted 02 February 2013 - 12:52 PM

To get the release 7-13 add-on to install correctly in Firefox it took a bit of undoing and redoing, I guess because I don't know what I'm doing. But it works. I have to use it as I have routine stuff I do using noaa.gov, bls.gov, and doleta.gov web sites. Unfortunately government web sites rely heavily on Java.

I'm assuming that by using the 13 release, the danger level is no worse than driving a car.

"In a hundred years there'll be a whole new set of people."
"Always poke the bears. They sleep too much for their own good."

"If you're good enough, they'll talk about you." - Tom Harmon
A GEEZER who remembers watching TV in 1951 and was an Echostar customer from 1988 to 2008, now a Dish Network customer.
My AV Setup
My Slingbox Pro HD Experience
My Blog: The Redwood Guardian


#58 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • DBSTalk Club
  • 14,200 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 02 February 2013 - 03:21 PM

I agree, the government makes it hard. One agency tells you to get rid of it, others require it. We have the same issue at work. Federal Courts require it, Patent office requires version 6.

In that case, Firefox's click to run might help for someone that knows when to allow it to run or not. Problem is some will just click and enable.




Protected By... spam firewall...And...