Singapore Expats Forum

JAVA Security!

Discuss about computers & Internet. Including mobile phones, home appliances & other gadgets. Read about Windows security risks or virus updates.
User avatar
zzm9980
Governor
Governor
Posts: 6837
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Postby zzm9980 » Sat, 12 Jan 2013 8:45 am

Mi Amigo wrote:Hey zzm, I certainly don't want to get into a pissing contest either, partly because I'd obviously lose, given that you are a security expert and I'm just an interested amateur; but also because I respect you as a long-standing member of this forum. I apologise if my comments came across as provocative - that certainly wasn't the intention.

Oh wow no! No offense taken at all! Sorry if I perceived as hostile in my reply.

Just out of interest, which sites, podcasts, etc. do you use to get reliable security information? I read Brian Krebs' blog and check out the Sans site from time to time, plus I listen to the 'Cisco Cyber Risk Report' podcast. I'm sure there are many other good sources of info, but some of the other ones I've found have been somewhat impenetrable for a non-expert like me.


Brian Kreb's article is the one I would recommend for non-security (but technical) people in lieu of GRC. It's pretty good. My person favorite Podcast is Risky Business, it's weekly (http://risky.biz/). It always has a news then technical interviews, and he keeps both sections grounded pretty well with accurate technical info but at a level non-security people can still follow along. The news section is particularly good because they tend to call out ridiculous media hype on these issues and comment as to why.

A decent blog also is threatpost.com. Here is a post from it on this particular story:
http://threatpost.com/en_us/blogs/incom ... ess-011113

User avatar
zzm9980
Governor
Governor
Posts: 6837
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Postby zzm9980 » Sat, 12 Jan 2013 8:54 am

Strong Eagle wrote:If one is running a good anti-virus, anti-malware product, you won't get infected in the first place. One must first load the naughty software onto your PC, and if spurious browser requests are blocked, and the anti-virus companies block known infection sources, chances are low that you will get smacked.

Porn and warez surfers beware.


The only risk in this is that this type attack is called "0-day" because it is loose in the wild before anti-virus and anti-malware products have had a chance to provide an update for it.

Here's a bad analogy:
Think of it like an open wound. Oracle has dropped the ball on getting that wound closed up (patched) in a timely manner. You know it's going to get infected, but you can't medicate (anti virus/malware) for it until you know exactly which infection is going to hit it. :)

User avatar
Mi Amigo
Manager
Manager
Posts: 1789
Joined: Sat, 19 Jun 2004
Location: Kinto Pino

Postby Mi Amigo » Sat, 12 Jan 2013 11:00 am

zzm, thank you - I'll certainly check out those sites and the podcast you mentioned.
Be careful what you wish for

User avatar
nakatago
Moderator
Moderator
Posts: 8333
Joined: Tue, 01 Sep 2009
Location: Sister Margaret’s School for Wayward Children
Contact:

Postby nakatago » Sun, 13 Jan 2013 2:58 pm

I'm still in vacation mode but here's something: http://gizmodo.com/5975475/how-to-disab ... ur-browser

User avatar
zzm9980
Governor
Governor
Posts: 6837
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Postby zzm9980 » Sun, 13 Jan 2013 6:51 pm

Brian Krebs (very good security columnist Amigo mentioned) also has a nice FAQ on this:

http://krebsonsecurity.com/2013/01/what ... a-exploit/

Read it if you don't understand exactly what Java is, how it's completely different from JavaScript, whether or not your Mac is affected, etc.

synack
Newbie
Newbie
Posts: 13
Joined: Fri, 19 Oct 2012
Location: Singapore

Postby synack » Thu, 17 Jan 2013 10:41 pm

Speaking of Java, a new 0-day exploit was discovered as soon as Oracle patched the old one. So it is probably best to disable Java in the browsers if not uninstall it all together :-) just to be safe.

Other than Java, there have been some critical updates for IE, Adobe Flash, Adobe Reader this week. And somebody earlier announce that they have got a proof of concept for rooting Linksys routers remotely http://www.net-security.org/secworld.php?id=14234 . Not good

Those who are on Windows, a combination of Antivirus and Patch Management software like Secunia (free) PSI http://secunia.com/vulnerability_scanning/personal/ could be useful.

Those on other platforms like Linux/Unix, Android, Mac etc have to be vigilant as well.


  • Similar Topics
    Replies
    Views
    Last post

Return to “Computer, Internet, Phone & Electronics”

Who is online

Users browsing this forum: No registered users and 0 guests

cron