Sign in to follow this  
RebelNode

New Java 7 security exploit is out

Recommended Posts

Since almost everyone on these forums has java 7 installed on their machines, I felt like warning you a bit. Yesterday some hackers released a 0-day java 7 security exploit, which allows them to run any code on your machine. All you have to do is click a link in your internet browser or email client and you're infected. 0-day also means that there's no patch for it yet, so there's no way for you to protect yourself other than uninstall java 7 (and thus technicpack) or be extremely cautious until a patch comes out.

I'm not gonna click any links on these forums or minecraft forums (2 of the biggest java7-using communities in the internet) until a patch comes out and I suggest you do the same.

Anyway, here's a link with more info. I suggest you don't click it. But how could you resist?

http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html

Share this post


Link to post
Share on other sites

People have Java enabled in their browsers? Considering that this is not the first time there was a known exploit, I'd have expected people to be at least a little bit more careful about that sort of thing...

Share this post


Link to post
Share on other sites

Don't want to sound like a total idiot here, but how do I check if I have Java enabled for my browser?

I would have expected more from a Viking Hacker. ):

Anyway, for Chrome, here's how it goes. Click the little wrench, settings, show advanced settings, content settings, scroll down to plugins, here, you can "block all" or disable individual plugins. If you took the second option, search for java in your plugins and simply disable it.

You might want to know you can edit exceptions if there are java scripts you really want to keep.

Share this post


Link to post
Share on other sites

Guys I was just kidding, I hacked Xylords post to tell you how...

No I did really...

LOL I'M AN IDIOT I SHOULD HAVE NEVER HUMILIATED JORCER.

Edit : Jorcer, what have you done! Changing my pass word ASAP.

Share this post


Link to post
Share on other sites

Eh, unsurprising and uninteresting, considering most every other damn thing that's ever run in a browser has experienced this. Funnily enough, only the browser is supposed to be protected at all in the first place: The main Java program (like if you run a .jar such as Minecraft) has no SecurityManager running and can do anything you can.

Share this post


Link to post
Share on other sites

Also while we're on the topic of exploits, there's a thing going around MCF where the locals exploit each other's stupidity. Like this Java thing, it's been around since day 0 and there is no fix for it. I wouldn't recommend ever going there.

Share this post


Link to post
Share on other sites

would it not require the malicious program downloaded to pass the various security checks required to run a program? and also require me to run an unknown applet?

Share this post


Link to post
Share on other sites

No, that's sort of the point of the exploit, to run without any user interaction besides visiting the malicious site.

yes, I am saying, it may still require me to to click on the button in Chrome that says "Run this time" or the one that says "Always run on this site" and windows defender or whatever might say: "do you want run this random ".jar" thing that randomly decided to run?"

Think about what happens if said security features are on and you try running Vanilla MC online or not.

Share this post


Link to post
Share on other sites

The chrome thing is a setting in the options. For a lot of people it's set not to ask. And no, antivirus/antimalware on the system probably won't do any such thing.

Share this post


Link to post
Share on other sites

People have Java enabled in their browsers? Considering that this is not the first time there was a known exploit, I'd have expected people to be at least a little bit more careful about that sort of thing...

Problem for tekkit users is the Nuclear Reactor Planner, the links to various reactor designs only work if you have java enabled on your browser. Of course you can just download the jar for the planner and copy paste some numbers out of the url, its just more annoying to do.

Its pretty hard to get java to work in Firefox if you have 64 bit Java installed, as it expects the 32 bit version.

Share this post


Link to post
Share on other sites

I'm waiting for people to blame this on us, having run out of things to hate us for.

Nah, they're never going to run out of that.

Share this post


Link to post
Share on other sites

The chrome thing is a setting in the options. For a lot of people it's set not to ask. And no, antivirus/antimalware on the system probably won't do any such thing.

but it would require me to click "run this time," assuming it is set to ask.

Share this post


Link to post
Share on other sites

but it would require me to click "run this time," assuming it is set to ask.

Yeah, but the problem is exactly that by default, it's set to not ask, so the unaware people are the ones who suffer.

Share this post


Link to post
Share on other sites

but it would require me to click "run this time," assuming it is set to ask.

Perhaps you don't understand the concept of an exploit, as in, no, it won't ask you that, because it's letting the program do something it's not supposed to let it do. Usually by buffer-overrun, chernobyl packet/header, or unchecked constant-value bounds flaws in a program.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this