RebelNode Posted August 28, 2012 Posted August 28, 2012 Since almost everyone on these forums has java 7 installed on their machines, I felt like warning you a bit. Yesterday some hackers released a 0-day java 7 security exploit, which allows them to run any code on your machine. All you have to do is click a link in your internet browser or email client and you're infected. 0-day also means that there's no patch for it yet, so there's no way for you to protect yourself other than uninstall java 7 (and thus technicpack) or be extremely cautious until a patch comes out. I'm not gonna click any links on these forums or minecraft forums (2 of the biggest java7-using communities in the internet) until a patch comes out and I suggest you do the same. Anyway, here's a link with more info. I suggest you don't click it. But how could you resist? http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html Quote
FFGF Posted August 28, 2012 Posted August 28, 2012 So if you clicked on the link, then you could be infected, it's like internet zombies. Quote
milcondoin Posted August 28, 2012 Posted August 28, 2012 Or you could just deactive the java-plugin for your browser. Quote
Uristqwerty Posted August 28, 2012 Posted August 28, 2012 People have Java enabled in their browsers? Considering that this is not the first time there was a known exploit, I'd have expected people to be at least a little bit more careful about that sort of thing... Quote
Jorcer Posted August 29, 2012 Posted August 29, 2012 Don't want to sound like a total idiot here, but how do I check if I have Java enabled for my browser? Quote
Xylord Posted August 29, 2012 Posted August 29, 2012 Don't want to sound like a total idiot here, but how do I check if I have Java enabled for my browser? I would have expected more from a Viking Hacker. ): Anyway, for Chrome, here's how it goes. Click the little wrench, settings, show advanced settings, content settings, scroll down to plugins, here, you can "block all" or disable individual plugins. If you took the second option, search for java in your plugins and simply disable it. You might want to know you can edit exceptions if there are java scripts you really want to keep. Quote
Jorcer Posted August 29, 2012 Posted August 29, 2012 Guys I was just kidding, I hacked Xylords post to tell you how... No I did really... Quote
Xylord Posted August 29, 2012 Posted August 29, 2012 Guys I was just kidding, I hacked Xylords post to tell you how... No I did really... LOL I'M AN IDIOT I SHOULD HAVE NEVER HUMILIATED JORCER. Edit : Jorcer, what have you done! Changing my pass word ASAP. Quote
gotyaoi Posted August 29, 2012 Posted August 29, 2012 Er, that's javascript. Similar name, different beast. This site has instructions to disable java in your particular browser. http://www.geek.com/articles/chips/how-to-disable-java-on-everything-20120828/ Quote
Xylord Posted August 29, 2012 Posted August 29, 2012 Er, that's javascript. Similar name, different beast. This site has instructions to disable java in your particular browser. http://www.geek.com/articles/chips/how-to-disable-java-on-everything-20120828/ Oh damn, sorry for the error. At least, I only have to change my last step. :D Quote
jakj Posted August 29, 2012 Posted August 29, 2012 Eh, unsurprising and uninteresting, considering most every other damn thing that's ever run in a browser has experienced this. Funnily enough, only the browser is supposed to be protected at all in the first place: The main Java program (like if you run a .jar such as Minecraft) has no SecurityManager running and can do anything you can. Quote
SimpleGuy Posted August 29, 2012 Posted August 29, 2012 Also while we're on the topic of exploits, there's a thing going around MCF where the locals exploit each other's stupidity. Like this Java thing, it's been around since day 0 and there is no fix for it. I wouldn't recommend ever going there. Quote
pds314 Posted August 30, 2012 Posted August 30, 2012 would it not require the malicious program downloaded to pass the various security checks required to run a program? and also require me to run an unknown applet? Quote
gotyaoi Posted August 30, 2012 Posted August 30, 2012 No, that's sort of the point of the exploit, to run without any user interaction besides visiting the malicious site. Quote
pds314 Posted August 30, 2012 Posted August 30, 2012 No, that's sort of the point of the exploit, to run without any user interaction besides visiting the malicious site. yes, I am saying, it may still require me to to click on the button in Chrome that says "Run this time" or the one that says "Always run on this site" and windows defender or whatever might say: "do you want run this random ".jar" thing that randomly decided to run?" Think about what happens if said security features are on and you try running Vanilla MC online or not. Quote
gotyaoi Posted August 30, 2012 Posted August 30, 2012 The chrome thing is a setting in the options. For a lot of people it's set not to ask. And no, antivirus/antimalware on the system probably won't do any such thing. Quote
fabricator77 Posted August 30, 2012 Posted August 30, 2012 People have Java enabled in their browsers? Considering that this is not the first time there was a known exploit, I'd have expected people to be at least a little bit more careful about that sort of thing... Problem for tekkit users is the Nuclear Reactor Planner, the links to various reactor designs only work if you have java enabled on your browser. Of course you can just download the jar for the planner and copy paste some numbers out of the url, its just more annoying to do. Its pretty hard to get java to work in Firefox if you have 64 bit Java installed, as it expects the 32 bit version. Quote
Cheap Shot Posted August 30, 2012 Posted August 30, 2012 I'm waiting for people to blame this on us, having run out of things to hate us for. Quote
jakj Posted August 30, 2012 Posted August 30, 2012 I'm waiting for people to blame this on us, having run out of things to hate us for. Nah, they're never going to run out of that. Quote
pds314 Posted August 30, 2012 Posted August 30, 2012 The chrome thing is a setting in the options. For a lot of people it's set not to ask. And no, antivirus/antimalware on the system probably won't do any such thing. but it would require me to click "run this time," assuming it is set to ask. Quote
Xylord Posted August 30, 2012 Posted August 30, 2012 but it would require me to click "run this time," assuming it is set to ask. Yeah, but the problem is exactly that by default, it's set to not ask, so the unaware people are the ones who suffer. Quote
Air_Gamer Posted August 31, 2012 Posted August 31, 2012 It has been patched now in Java 7 Update 7. Quote
jakj Posted August 31, 2012 Posted August 31, 2012 but it would require me to click "run this time," assuming it is set to ask. Perhaps you don't understand the concept of an exploit, as in, no, it won't ask you that, because it's letting the program do something it's not supposed to let it do. Usually by buffer-overrun, chernobyl packet/header, or unchecked constant-value bounds flaws in a program. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.