Oracle updates Java, security expert says it still has bugs [UPDATED]

Oracle updates Java, security expert says it still has bugs

www.reuters.com

Oracle Corp released an emergency update to its widely used Java software for surfing the Web on Sunday, days after the U.S. government urged PC users to disable the program because of a bug it said made computers vulnerable to attack by hackers.

(visit the link for the full news article)

UPDATED STORY
Oracle says Java is fixed; feds maintain warning

Oracle said installing its "Update 11" will fix the problem.

hii all

An update by oracle, and I still dont know what to do..

Can we turn java back on?

We don't dare to tell users that it's safe to enable Java again," said Gowdiak, a researcher with Poland's Security Explorations.

An Oracle spokeswoman declined to comment on Gowdiak's analysis.


www.reuters.com
(visit the link for the full news article)

there is more bugs in java then a tiajuana whore house

reply to post by goou111

Java has never been a particularly safe platform anyway. The only reason you are any more unsafe now, than you were a few days ago, is because the exploit has been shouted from the rooftops.

"Please, come and take advantage of the hole we left open! It's been there through several versions, but now we're broadcasting it so everyone knows!"

I'm not sure what is REALLY going on here, but it's not near as much about this exploit, as it is about this exploit benefitting the industry in some way I'm not seeing yet. For me, my java will be staying on and updated.

reply to post by goou111
I had uninstalled mine a few days ago, then reinstalled it yesterday as I couldn't get into Chat without it. I just updated it from the Java control panel and it is on. Even though it still has some bugs I realized that basically any program can be hacked and it's vulnerabilities taken advantage of by criminals.

A very good point was made on the ATS Live show. Someone said to ask yourself why would someone want to hack your personal computer? What do you have in there that would be so valuable that someone would single you out? After thinking about it I realized that nobody really wants my Hawaiian vacation pictures and I don't store passwords or account numbers on it- so nobody cares but me.

reply to post by littled16


One word, botnet. Hackers want to hack your computer for things like that. Aim the botnet at a target website, and all the infected computers start firing at it, DDOS.

Also, not everyone is smart about computers, and might very well have important numbers and passwords etc right there in a text file on their desktop

reply to post by TKDRL
That is true, but if hackers want to use your computer for a botnet there are other programs that are just as vulnerable as Java (Adobe Reader for example). I guess you're probably right about some people keeping too much information on their computers though. I have to stay on my parents about certain things like saving passwords that log them into financial websites, etc. I keep telling them it's like signing every blank check in your checkbook and leaving it out on the table.

So...yeah, I disabled it yesterday.

(No 'chat' access now!)

Are you recommending leaving it off? If so, what is the alternative? (I thought it was kind of like Adobe - you either have it, or you don't - no "otherwise" about it.....)

Thx for the update!

Originally posted by Klassified
reply to post by goou111

 

Java has never been a particularly safe platform anyway. The only reason you are any more unsafe now, than you were a few days ago, is because the exploit has been shouted from the rooftops.

"Please, come and take advantage of the hole we left open! It's been there through several versions, but now we're broadcasting it so everyone knows!"

I'm not sure what is REALLY going on here, but it's not near as much about this exploit, as it is about this exploit benefitting the industry in some way I'm not seeing yet. For me, my java will be staying on and updated.

edit on 1/13/2013 by Klassified because: (no reason given)

Go ahead and leave it on... I know of 12 other zero days that have not been published...

reply to post by HunkaHunka

Go ahead and leave it on... I know of 12 other zero days that have not been published...

Actually, last I heard there were a lot more than that. But the fact remains, Java(and Flash too) has always had these problems, and they won't go away with the newest patch. Nor will you be any more or less safe than you were before this was made known. It's fear mongering by the industry, and I think at least a portion of the media knows it.

Maybe anti-virus and anti-malware sales are down.

Nevertheless, I don't expect anyone to listen to me but my own customers. ATS members don't know me from Adam, and I realize that. But I won't be advising my customers to turn off their java. However, I will be advising them to take other precautions that everyone should be taking anyway.

For those interested... Clearing the java cache

reply to post by Klassified


ACK!! So, now that I uninstalled it, how do I get it back??
(boo!!! )

reply to post by wildtimes
Here you go wildtimes:

Newest Java Download

Originally posted by wildtimes
reply to post by Klassified

 

ACK!! So, now that I uninstalled it, how do I get it back??

(boo!!!

)

edit on 13-1-2013 by wildtimes because: (no reason given)

Sent you a U2U with links.

Thanks, friends!
I'm trying...
navigating the window pop-ups and blocks and allows and cancels and disallows....
thought I had it, but then when I clicked 'chat' it said "nope! you don't have it!"

I'll keep trying.

reply to post by Klassified


I appreciate your advice.
Won't running CCleaner do the same thing?
Or clearing your browser cache??

reply to post by Klassified


GO IT!!!
Thanks, man!



(I use COMODO for anti-trouble - seems to be the best available free stuff, from reviews I read at the time)....

Originally posted by DontTreadOnMe
reply to post by Klassified

 

I appreciate your advice.
Won't running CCleaner do the same thing?
Or clearing your browser cache??

Yes. Ccleaner is an awesome tool. But you have to manually check the little box under the applications tab that says "sun java", or it won't clear it.

reply to post by Klassified


My box was checked.
How often should it be cleared.....I usually run the tool weekly.....
Just easier to clean out everything, after all.

Originally posted by wildtimes
reply to post by Klassified

 

GO IT!!!
Thanks, man!

(I use COMODO for anti-trouble - seems to be the best available free stuff, from reviews I read at the time)....

Good for you. Never, ever, pay for an anti-virus as long as there are good free ones to be had. Another one is Avast free. Just be sure and turn off its sandbox feature, it'll drive you nuts.

Originally posted by DontTreadOnMe
reply to post by Klassified

 

I appreciate your advice.
Won't running CCleaner do the same thing?
Or clearing your browser cache??

I use my ccleaner at the end of every day myself. And right now, keeping everything cleared is a good idea, to help prevent timed exploits from sitting on your machine.

ETA: Thank you BTW.