Jump to content

New Java 7 security exploit is out

RebelNode

By RebelNode
in Cafe Lame

 Share

Recommended Posts

RebelNode Stone

RebelNode

Posted
Posted

Since almost everyone on these forums has java 7 installed on their machines, I felt like warning you a bit. Yesterday some hackers released a 0-day java 7 security exploit, which allows them to run any code on your machine. All you have to do is click a link in your internet browser or email client and you're infected. 0-day also means that there's no patch for it yet, so there's no way for you to protect yourself other than uninstall java 7 (and thus technicpack) or be extremely cautious until a patch comes out.

I'm not gonna click any links on these forums or minecraft forums (2 of the biggest java7-using communities in the internet) until a patch comes out and I suggest you do the same.

Anyway, here's a link with more info. I suggest you don't click it. But how could you resist?

http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html

Uristqwerty Dirt

Uristqwerty

Posted
Posted

People have Java enabled in their browsers? Considering that this is not the first time there was a known exploit, I'd have expected people to be at least a little bit more careful about that sort of thing...

Xylord Bedrock

Xylord

Posted
Posted

Don't want to sound like a total idiot here, but how do I check if I have Java enabled for my browser?

I would have expected more from a Viking Hacker. ):

Anyway, for Chrome, here's how it goes. Click the little wrench, settings, show advanced settings, content settings, scroll down to plugins, here, you can "block all" or disable individual plugins. If you took the second option, search for java in your plugins and simply disable it.

You might want to know you can edit exceptions if there are java scripts you really want to keep.

Xylord Bedrock

Xylord

Posted
Posted

Guys I was just kidding, I hacked Xylords post to tell you how...

No I did really...

LOL I'M AN IDIOT I SHOULD HAVE NEVER HUMILIATED JORCER.

Edit : Jorcer, what have you done! Changing my pass word ASAP.

jakj Bedrock

jakj

Posted
Posted

Eh, unsurprising and uninteresting, considering most every other damn thing that's ever run in a browser has experienced this. Funnily enough, only the browser is supposed to be protected at all in the first place: The main Java program (like if you run a .jar such as Minecraft) has no SecurityManager running and can do anything you can.

SimpleGuy Bedrock

SimpleGuy

Posted
Posted

Also while we're on the topic of exploits, there's a thing going around MCF where the locals exploit each other's stupidity. Like this Java thing, it's been around since day 0 and there is no fix for it. I wouldn't recommend ever going there.

pds314 Grass

pds314

Posted
Posted

would it not require the malicious program downloaded to pass the various security checks required to run a program? and also require me to run an unknown applet?

pds314 Grass

pds314

Posted
Posted

No, that's sort of the point of the exploit, to run without any user interaction besides visiting the malicious site.

yes, I am saying, it may still require me to to click on the button in Chrome that says "Run this time" or the one that says "Always run on this site" and windows defender or whatever might say: "do you want run this random ".jar" thing that randomly decided to run?"

Think about what happens if said security features are on and you try running Vanilla MC online or not.

gotyaoi Bedrock

gotyaoi

Posted
Posted

The chrome thing is a setting in the options. For a lot of people it's set not to ask. And no, antivirus/antimalware on the system probably won't do any such thing.

fabricator77 Grass

fabricator77

Posted
Posted

People have Java enabled in their browsers? Considering that this is not the first time there was a known exploit, I'd have expected people to be at least a little bit more careful about that sort of thing...

Problem for tekkit users is the Nuclear Reactor Planner, the links to various reactor designs only work if you have java enabled on your browser. Of course you can just download the jar for the planner and copy paste some numbers out of the url, its just more annoying to do.

Its pretty hard to get java to work in Firefox if you have 64 bit Java installed, as it expects the 32 bit version.

jakj Bedrock

jakj

Posted
Posted

I'm waiting for people to blame this on us, having run out of things to hate us for.

Nah, they're never going to run out of that.

pds314 Grass

pds314

Posted
Posted

The chrome thing is a setting in the options. For a lot of people it's set not to ask. And no, antivirus/antimalware on the system probably won't do any such thing.

but it would require me to click "run this time," assuming it is set to ask.

Xylord Bedrock

Xylord

Posted
Posted

but it would require me to click "run this time," assuming it is set to ask.

Yeah, but the problem is exactly that by default, it's set to not ask, so the unaware people are the ones who suffer.

jakj Bedrock

jakj

Posted
Posted

but it would require me to click "run this time," assuming it is set to ask.

Perhaps you don't understand the concept of an exploit, as in, no, it won't ask you that, because it's letting the program do something it's not supposed to let it do. Usually by buffer-overrun, chernobyl packet/header, or unchecked constant-value bounds flaws in a program.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...