Java

Earlier this year Oracle ORCL 50,56 +0,21 +0,42% announced starting with JDK 9 (eta September 2016), they will remove the plugin support. They are encouraging developers to move towards the plugin free Java Web Start technology. Oracle’s reasoning for this move has to do with more and more browsers removing support the 20+ year old Netscape Plugin Application Programming Interface (NPAPI) plugin technology. GoogleGoogle Inc. 955,99 +8,83 +0,93% Chrome no longer supports NPAPI plugins such as Java and Silverlight. Google has partnered with Adobe ADBE 146,16 +1,11 +0,77% to include an integrated version of Flash within Chrome. The Windows 64-Bit version of Firefox also does…

Read More

Fake ‘Java Repair’ Email

There is an email going around claiming to be from Oracle (the makers of Java) that contains a link and/or attachment to download a Java update. Clicking the link or opening the attachment can result in malware being installed on your system. If you get one of these emails, discard it, it is not real. Bottom line, Oracle is not sending out emails to let Java users know there is an update. If you are not sure you have the most recent version of Java, you can go to Oracle’s site and check.  via eweek

Read More

Browser Plugin Vulnerability Alerts

Normally, I don’t re-post from my Firefox Blog, but these browsers plugin vulnerabilities affect other browsers (such as Chrome & Safari) besides Firefox. Dangerous vulnerability in latest Java version Version: Java 7 Update 10 Issue: Can be used for Cyber attacks (even on fully patched Windows machines) Recommend Action: Browser plugin should be disabled or sandboxed (see Work Around below)) Work Around: For those who MUST have Java, use Firefox 17 is or newer. The Java plugin will be installed but ‘sandboxed’. The plugin will not execute/run until the user gives permission ‘click to play‘ on a per site basis. The user will…

Read More

Mozilla Enables Click To Play for Java

Java Release 7 Update 11 (released January 13, 2013) fixes this issue. More info here. In response to the recent news about the major vulnerability found in Java 7 Update 10, Mozilla has enabled click to play for recent versions of Java on all platforms (Java 7u9, 7u10, 6u37, 6u38). This is being done automatically for users who are using Firefox 17 or newer. The Click To Play feature ensures that the Java plugin will not load unless a user specifically clicks to enable the plugin. This protects users against drive-by exploitation, one of the most common exploit techniques used to compromise vulnerable users….

Read More

Dangerous vulnerability in latest Java version

Java Release 7 Update 11 (released January 13, 2013) fixes this issue. More info here. ” The latest Java version, Java 7 Update 10 contains a critical security vulnerability which is reportedly already being used for large scale cyberattacks. Users who have Java installed on their computers should deactivate the Java plugin in their browsers without delay. …” Source: The H Security: News and Features More  Dangerous vulnerability in latest Java version

Read More

Manage Java on your PC

Windows “JavaRa is a sweet little program that allows you to manage Java on your PC. It comes with functionality to uninstall old Java versions, update the Java Runtime Environment (JRE) to the latest version, install the latest version of Java, and perform a number of other features related to Oracle’s Java technology.“JavaRa 2.0 has just been released by its author, … “ Source: Ghacks.net JavaRa 2.0: manage Java on your PC Go get it.

Read More

I have come to the realization now, that I should except any software I download and install to try and sneak bloatware or Malware on to my system. This can be in the form of a browser toolbar or some type of ‘security software’ or Windows optimizer. Avast! has their WebRep extension that is installed into all the browsers on your system. This is suppose to tell you how reputable a site is when you are doing a Google search. Java is partnering now with McCrappy McAfee. Waterfox now serves up a bunch of stuff from AVG unless you go hunting around the custom install…

Read More

Protect Against the New Actively Exploited Java Vulnerability

This is cross-platform. ” Security researchers have proposed several methods for users to protect their computers from ongoing attacks that target a new and yet-to-be-patched vulnerability in all versions of Java Runtime Environment 7.…“The new vulnerability is considered extremely critical and can be exploited to execute malicious code on a system by simply visiting a maliciously crafted Web page from a Web browser that has the Java plug-in enabled… “ Source: PCWorld Business CenterMore  Six Ways to Protect Against the New Actively Exploited Java Vulnerability

Read More