be careful on sites running java, kids

http://www.theregister.co.uk/2012/08/27/disable_java_to_block_exploit/

to disable java:

In Firefox:

Press Firefox button -> Add-ons, go to Plugins and click the "Disable" button next to anything named "Java".

In Chrome : Type in: "chrome://plugins/" into the address bar (no speech marks). Scroll down to Java and click disable.

(although chrome asks before running any java by default)

In Opera : Type in "opera:plugins" into the address bar (no speech marks). Scroll down to:

Java Platform <click on> Disable.

Java Deployment Toolkit <click on> Disable.

In Internet Explorer :

Disable UAC (if enabled) and restart.

Open the Java app in Control Panel.

Go to advanced tab.

Expand Default Java for browsers.

The checkbox next to IE is grayed out. Select Microsoft Internet Explorer and press spacebar so it is unchecked (no tick). Click OK.

You can re-enable UAC and restart now.

due to oracle's release schedule, it'll be a little while before a security update is made available.

Cheers for the heads up man - I'm sure my noscript & NotScipt (for Firefox/Chrome respectively) would've meant I had to manually allowed it anyway but best to be safe and all that !

hardly anything besides the browser version of minecraft and a couple of chess/emulator sites use java now anyway.

what about porn?

(is that java?)

no.

thanks for the heads up man. i would never have found out about this since i barely use the web in the first place.

  Quote

"next batch of fixes isn't due until October 16."

:angry:

Should I turn off Javascript aswell?

  On 8/29/2012 at 12:43 AM, Npoess said:

  Quote

"next batch of fixes isn't due until October 16."

 

:angry:

 

Should I turn off Javascript aswell?

no

javascript is unrelated to java

Okay.

This is not the first time this is happening with Java updates? Seems to happen quite often.

I don't like that my NetBank is using Java to login.

if I never use IE, should I have to worry about disabling anything?

cheers for this btw, only recently I found out that my brand new comp was trolled by the infamous Nginx redirect...luckily it appears that no damage was done.

It's all browsers may dear (well the main ones that are capable of running Java anyway, obviously something like Lynx ain't a problem - yer smartarse ! )

  On 8/29/2012 at 1:56 AM, mcbpete said:

It's all browsers may dear (well the main ones that are capable of running Java anyway, obviously something like Lynx ain't a problem - yer smartarse ! )

lol sorry no jackassery intended, i followed the firefox instructions

where do you disable in safari?

safari > mainframe > control panel > java > "do you want to disable?" > click "OK"

restart computer. go to apps > "no more java? are you sure?" click "i am sure"

go to mainframe > "John is kill?" click "no"

Does this apply if I've been avoiding java updates for the last three years? My god that java updater is annoying as FUCK

ahhh glad i read this

  On 8/29/2012 at 4:29 AM, modey said:

Does this apply if I've been avoiding java updates for the last three years? My god that java updater is annoying as FUCK

This security issue probably not. But your 3 year old Java version will be full of vulnerabilities. It can be dangerous to browse with it enabled.

As kaini said, there are very few websites using Java applets these days so you might as well disable it.

This sucks ass. If I turn off Java, I won't be able to access my home bank.

Isn't this just a problem on 'infected' sites? The ones with the weird script-thingy that downloads a keylogger or whatever? I really need java.

Huh I still have JDK6, guess I'm okay according to the article.

You could use a different browser with Java enabled to do your banking. Or use something like this: https://addons.mozilla.org/en-US/firefox/addon/quickjava/

Any site could get hacked and injected with a malicious Java applet.

  On 8/29/2012 at 7:41 AM, vproc said:

Huh I still have JDK6, guess I'm okay according to the article.

JDK isn't the same as JRE though - the former is for developing and the latter is the runtime environment

  On 8/29/2012 at 3:36 AM, Alcofribas said:

safari > mainframe > control panel > java > "do you want to disable?" > click "OK"

 

restart computer. go to apps > "no more java? are you sure?" click "i am sure"

 

go to mainframe > "John is kill?" click "no"

lol, well done.

zole, turns out my java plugin was already disabled on firefox because it was out of date! hooray!

TO ANYBODY USING MACOSX

Most likely, you're using java 1.6, which is not concerned by this vulnerability

Just search for java preferences in spotlight if you want to know which version you're using.

Anyway this whole thread is gay. I'm using 1.7 and won't do anything about it.

Edit : I confirm this thread is gay. You have more chances to get cheated on by your girlfriend than to get "hacked" by a Russian kid.

it's probably best to rid Java off your system altogether.