Singapore Expats

JAVA Security!

Discuss about computers & Internet. Including mobile phones, home appliances & other gadgets. Read about Windows security risks or virus updates.
Post Reply
User avatar
zzm9980
Governor
Governor
Posts: 6869
Joined: Wed, 06 Jul 2011 1:35 pm
Location: Once more unto the breach

Post by zzm9980 » Sat, 12 Jan 2013 8:45 am

Mi Amigo wrote:Hey zzm, I certainly don't want to get into a pissing contest either, partly because I'd obviously lose, given that you are a security expert and I'm just an interested amateur; but also because I respect you as a long-standing member of this forum. I apologise if my comments came across as provocative - that certainly wasn't the intention.

Oh wow no! No offense taken at all! Sorry if I perceived as hostile in my reply.
Just out of interest, which sites, podcasts, etc. do you use to get reliable security information? I read Brian Krebs' blog and check out the Sans site from time to time, plus I listen to the 'Cisco Cyber Risk Report' podcast. I'm sure there are many other good sources of info, but some of the other ones I've found have been somewhat impenetrable for a non-expert like me.
Brian Kreb's article is the one I would recommend for non-security (but technical) people in lieu of GRC. It's pretty good. My person favorite Podcast is Risky Business, it's weekly (http://risky.biz/). It always has a news then technical interviews, and he keeps both sections grounded pretty well with accurate technical info but at a level non-security people can still follow along. The news section is particularly good because they tend to call out ridiculous media hype on these issues and comment as to why.

A decent blog also is threatpost.com. Here is a post from it on this particular story:
http://threatpost.com/en_us/blogs/incom ... ess-011113

User avatar
zzm9980
Governor
Governor
Posts: 6869
Joined: Wed, 06 Jul 2011 1:35 pm
Location: Once more unto the breach

Post by zzm9980 » Sat, 12 Jan 2013 8:54 am

Strong Eagle wrote:If one is running a good anti-virus, anti-malware product, you won't get infected in the first place. One must first load the naughty software onto your PC, and if spurious browser requests are blocked, and the anti-virus companies block known infection sources, chances are low that you will get smacked.

Porn and warez surfers beware.
The only risk in this is that this type attack is called "0-day" because it is loose in the wild before anti-virus and anti-malware products have had a chance to provide an update for it.

Here's a bad analogy:
Think of it like an open wound. Oracle has dropped the ball on getting that wound closed up (patched) in a timely manner. You know it's going to get infected, but you can't medicate (anti virus/malware) for it until you know exactly which infection is going to hit it. :)

User avatar
Mi Amigo
Manager
Manager
Posts: 1794
Joined: Sat, 19 Jun 2004 10:23 pm
Location: Kinto Pino

Post by Mi Amigo » Sat, 12 Jan 2013 11:00 am

zzm, thank you - I'll certainly check out those sites and the podcast you mentioned.
Be careful what you wish for

User avatar
nakatago
Moderator
Moderator
Posts: 8364
Joined: Tue, 01 Sep 2009 11:23 pm
Location: Thunderbolts* HQ

Post by nakatago » Sun, 13 Jan 2013 2:58 pm

I'm still in vacation mode but here's something: http://gizmodo.com/5975475/how-to-disab ... ur-browser
"A quokka is what would happen if there was an anime about kangaroos."

User avatar
zzm9980
Governor
Governor
Posts: 6869
Joined: Wed, 06 Jul 2011 1:35 pm
Location: Once more unto the breach

Post by zzm9980 » Sun, 13 Jan 2013 6:51 pm

Brian Krebs (very good security columnist Amigo mentioned) also has a nice FAQ on this:

http://krebsonsecurity.com/2013/01/what ... a-exploit/

Read it if you don't understand exactly what Java is, how it's completely different from JavaScript, whether or not your Mac is affected, etc.

synack
Newbie
Newbie
Posts: 13
Joined: Fri, 19 Oct 2012 12:01 am
Location: Singapore

Post by synack » Thu, 17 Jan 2013 10:41 pm

Speaking of Java, a new 0-day exploit was discovered as soon as Oracle patched the old one. So it is probably best to disable Java in the browsers if not uninstall it all together :-) just to be safe.

Other than Java, there have been some critical updates for IE, Adobe Flash, Adobe Reader this week. And somebody earlier announce that they have got a proof of concept for rooting Linksys routers remotely http://www.net-security.org/secworld.php?id=14234 . Not good

Those who are on Windows, a combination of Antivirus and Patch Management software like Secunia (free) PSI http://secunia.com/vulnerability_scanning/personal/ could be useful.

Those on other platforms like Linux/Unix, Android, Mac etc have to be vigilant as well.

Post Reply
  • Similar Topics
    Replies
    Views
    Last post

Return to “Computer, Internet, Phone & Electronics”

Who is online

Users browsing this forum: No registered users and 2 guests