Topic: Serious vulnerability roaming around

Offline MrRiplEy[H]

Serious vulnerability roaming around
« on: August 29, 2012, 02:11:08 PM »
If you have Java installed now is the time to disable it. Latest security hole in Java 7 enables anyone to create a zero-day attack using an automated attack tool. So far the hole has been exploited in the form of a banking trojan. All operating systems are vulnerable - amazingly even Linux.

So Windows users - either uninstall Java totally (recommended for anyone who doesn't have a crappy bank that uses Java based 'security') or at minimum activate script blocking from Chrome or install scriptblock to Firefox. IE users' options are pretty much limited to uninstalling Java totally or not even care as using IE is inherently unsafe :) Instructions how to remove Java from IE here: http://windows.microsoft.com/en-us/windows7/How-to-manage-add-ons-in-Internet-Explorer-9
Definiteness of purpose is the starting point of all achievement. –W. Clement Stone

Offline gyrene81

Re: Serious vulnerability roaming around
« Reply #1 on: August 29, 2012, 02:56:58 PM »
lol, nice find Ripley even with the "IE is unsafe" b.s.
jarhed  
Build a man a fire and he'll be warm for a day...
Set a man on fire and he'll be warm for the rest of his life. - Terry Pratchett

Offline Skuzzy

Re: Serious vulnerability roaming around
« Reply #2 on: August 29, 2012, 03:23:04 PM »
Java is bad,....mmmm kay?
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline MrRiplEy[H]

Re: Serious vulnerability roaming around
« Reply #3 on: August 29, 2012, 04:07:03 PM »
> lol, nice find Ripley even with the "IE is unsafe" b.s.

IE _is_ unsafe and it's no b.s. In fact it's so unsafe that many exploits of other browsers rely on the existence of IE and its security holes to be able to do actual harm. That's why it's not enough to stop using IE, you actually need to lock it down completely even if you don't use it for this reason.
Definiteness of purpose is the starting point of all achievement. –W. Clement Stone

Offline Krusty

Re: Serious vulnerability roaming around
« Reply #4 on: August 29, 2012, 04:12:52 PM »
Matter of fact my system got pretty slow about 30 minutes ago, had the busy symbol by my cursor, and then said "a program is trying to shut down avast... let it? Yes/No"

Naturally I chose no. Then I noticed the java icon in my tray. Shut that down ASAP. Turns out yahoo was up to check my mail. Probably snuck in via one of their stupid ad banners. Checked task manager for anything suspicious, but nope. I'm convinced it was JAVA initiated. Checked a few things, made sure I was good to go.

Otherwise I have a somewhat safe setup for MSIE. I also have Firefox because I like being able to shut off javascript with a single checkbox.

No kidding, this exploit really is out there.

Offline TequilaChaser

Re: Serious vulnerability roaming around
« Reply #5 on: August 29, 2012, 05:16:04 PM »
below is a link to krebsonsecurity article reporting on this exploit of Java 7......  it attacks all browsers using the java plug-in, according to the article

and gives some options of how to work around it if one must need to

http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit/

hope this is helpful

TC
"When one considers just what they should say to a new pilot who is logging in Aces High, the mind becomes confused in the complex maze of info it is necessary for the new player to know. All of it is important; most of it vital; and all of it just too much for one brain to absorb in 1-2 lessons" TC

Offline RTHolmes

Re: Serious vulnerability roaming around
« Reply #6 on: August 29, 2012, 05:18:13 PM »
java is pointless. carry on.
71 (Eagle) Squadron

What most of us want to do is simply shoot stuff and look good doing it - Chilli

Offline Chalenge

Re: Serious vulnerability roaming around
« Reply #7 on: August 29, 2012, 05:22:34 PM »
And now you know why it is sometimes a good idea to have more than a single browser installed.
If you like the Sick Puppy Custom Sound Pack then please consider contributing for future updates by sending a month's dues to Hitech Creations for account "Chalenge." Every little bit helps.

Offline gyrene81

Re: Serious vulnerability roaming around
« Reply #8 on: August 29, 2012, 08:45:22 PM »
> IE _is_ unsafe and it's no b.s. In fact it's so unsafe that many exploits of other browsers rely on the existence of IE and its security holes to be able to do actual harm. That's why it's not enough to stop using IE, you actually need to lock it down completely even if you don't use it for this reason.

of course ie has vulnerabilities but then so does windows. a little common sense and some tweaking and the security holes can be limited. if you did more actual research you would find that every browser has and/or had security holes, many can be closed up with a few mouse clicks, some take add-ons when available, and some just have to wait for the devs to get their act together.

this year it looks like chrome is the most secure, so far...if you don't mind google spying on your web browsing.
http://www.accuvant.com/capability/accuvant-labs/security-research/browser-security-comparison-quantitative-approach

last year a hackers conference said chrome and firefox were most secure...noting that all web browsers experience security vulnerabilities.
http://antivirusdigest.com/2011/03/most-secure-web-browser-for-2011/
jarhed  
Build a man a fire and he'll be warm for a day...
Set a man on fire and he'll be warm for the rest of his life. - Terry Pratchett

Offline 715

Re: Serious vulnerability roaming around
« Reply #9 on: August 29, 2012, 10:39:33 PM »
Java and javascript are actually completely unrelated right?

I don't have Java installed and I use Opera which allows you to turn on javascript only for web sites you wish.  (That's not really a good security factor though, because almost no web pages work properly with javascript turned off.)

Offline zack1234

Re: Serious vulnerability roaming around
« Reply #10 on: August 30, 2012, 12:51:31 AM »
I got fetled couple of months ago :old:

I disabled or that Active X nonsense and disabled everything on IE.

If I need to view anything on internet I use my phone, it's safer.

There are no pies stored in this plane overnight

                          
The GFC
Pipz lived in the Wilderness near Ontario

Offline Bizman

Re: Serious vulnerability roaming around
« Reply #11 on: August 30, 2012, 07:02:31 AM »
> last year a hackers conference said chrome and firefox were most secure...noting that all web browsers experience security vulnerabilities.

IIRC they held a competition about who could find the most vulnerabilities in browsers. Naturally all competitors started with the one whose wormholes are best known, leaving the newcomer almost untouched. That's one reason Chrome succeeded.

Some years ago I read some guru's comments about the new IE, it might have been IE7. The hype about its better security had been huge before the release and the guru was more than disappointed to see that his long time pointing to IE vulnerabilities had not carried fruit. He had a list of about 30 settings that should be disabled for safer browsing. So I did as he advised, only replacing "disable" with "ask before". Now whaddayaknow: My whole Internet experience was crippled! No more online pastime games among other things... I guess even using this BB could have some issues with smilies, text formatting, search function etc., but I'm not sure. Well, for me it was not a big PITA, I knew what I was doing and could easily reset my settings, but for an average net user the safe settings would be a synonym for a broken computer.

Offline MrRiplEy[H]

Re: Serious vulnerability roaming around
« Reply #12 on: August 30, 2012, 07:53:15 AM »

> this year it looks like chrome is the most secure, so far...if you don't mind google spying on your web browsing.

This is a bit concerning but then again I find 50% of the websites I browse through google as it is... Linux + stumbleupon is a great pastime btw.
Definiteness of purpose is the starting point of all achievement. –W. Clement Stone

Offline Zeagle

Re: Serious vulnerability roaming around
« Reply #13 on: August 30, 2012, 08:05:42 AM »
All I can find on the net is a bunch of generalized descriptions and people throwing around words that they probably don't even understand concerning this so-called exploit.

When it comes to these computer exploit things I always look for the following....

1. Who exactly found it. I want names. Not "some researchers at ...."
2. What EXACTLY is the code and what EXACTLY does it do? Seems to be too hard for most reporters to answer...I don't want to hear "allows an attacker to take control of "...show me the code.
3. How to protect your system....usually all you get is "download this update" or "so and so is coming out with a patch"..suspicious to me.

So don't panic. Just use a little common sense in protecting your systems on the net. 

Anyone who doesn't know the difference between Java and Java Script should not be writing computer security articles.

« Last Edit: August 30, 2012, 08:14:16 AM by Zeagle »
-Zeagle-
"Black 1"

FW-ISS Bremen

Offline MrRiplEy[H]

Re: Serious vulnerability roaming around
« Reply #14 on: August 30, 2012, 08:13:31 AM »
> All I can find on the net is a bunch of generalized descriptions and people throwing around words that they probably don't even understand concerning this so-called exploit.
>
> When it comes to these computer exploit things I always look for the following....
>
> 1. Who exactly found it. I want names. Not "some researchers at ...."
> 2. What EXACTLY is the code and what EXACTLY does it do? Seems to be too hard for most reporters to answer...I don't want to hear "allows an attacker to take control of "...show me the code.
> 3. How to protect your system....usually all you get is "download this update" or "so and so is coming out with a patch"..suspicious to me.

Protecting yourself is simple: Do not let Java run.

More info here: http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html
Definiteness of purpose is the starting point of all achievement. –W. Clement Stone