• Disable Java NOW, users told, as 0-day exploit hits web
    251 replies, posted
[quote] A new browser-based exploit for a Java vulnerability that allows attackers to execute arbitrary code on client systems has been spotted in the wild – and because of Oracle's Java patch schedule, it may be some time before a fix becomes widely available. The vulnerability is present in the Java Runtime Environment (JRE) version 1.7 or later, Atif Mushtaq of security firm FireEye reported on Sunday, while PCs with Java versions 1.6 or earlier installed are not at risk. The vulnerability allows attackers to use a custom web page to force systems to download and run an arbitrary payload – for example, a keylogger or some other type of malware. The payload does not need to be a Java app itself. In the form in which it was discovered, the exploit only works on Windows machines, because the payload that it downloads is a Windows executable. But the hackers behind the Metasploit penetration testing software say they have studied the exploit and found that it could just as easily be used to attack machines running Linux or Mac OS X, given the appropriate payload. All browsers running on these systems were found to be vulnerable if they had the Java plugin installed, including Chrome, Firefox, Internet Explorer, Opera, and Safari. Although the actual source of the exploit is not known, it was originally discovered on a server with a domain name that resolved to an IP address located in China. The malware it installed on compromised systems attempted to connect to a command-and-control server believed to be located in Singapore. Oracle has yet to comment on the vulnerability or when users should expect a fix, but it might be a while. The database giant ordinarily observes a strict thrice-annual patch schedule for Java, and the next batch of fixes isn't due until October 16. Downgrading to an earlier version of Java is not advised, because even though earlier versions aren't vulnerable to this particular exploit, they may contain other bugs that expose still other vulnerabilities. In advance of any official patch, and because of the seriousness of the vulnerability, malware researchers at DeepEnd Research have developed an interim fix that they say seems to prevent the rogue Java code from executing its payload, although it has received little testing. Because the patch could be used to develop new exploits if it fell into the wrong hands, however, DeepEnd Research is only making it available by individual request to systems administrators who manage large numbers of clients for companies that rely on Java. For individual users, the researchers say, the best solution for now is to disable the Java browser plugin until Oracle issues an official patch. [/quote] [url]http://www.theregister.co.uk/2012/08/27/disable_java_to_block_exploit/[/url] Oh shit, disabling Java now.
Good thing I never update Java.
When was this update released.. I havent updated Java in a hell of a long time
This is exactly why I set everything to manual update.
wait, only on browsers or in everything?
[QUOTE=D3TBS;37444949]how do you disable it?[/QUOTE] chrome://plugins ->disable
Go to Control Panel > Java > About to check what version you have. Version 6 or below and you'll be fine. Shamelessly copied from Reddit: [B]In Firefox[/B]: Press Firefox button -> Add-ons, go to Plugins and click the "Disable" button next to anything named "Java". [B]In Chrome[/B]: Type in: "chrome://plugins/" into the address bar (no speech marks). Scroll down to Java and click disable. [B]In Opera[/B]: Type in "opera:plugins" into the address bar (no speech marks). Scroll down to: Java(TM) Platform <click on> Disable. Java Deployment Toolkit <click on> Disable. [B]In Internet Explorer[/B]: Disable UAC (if enabled) and restart. Open the Java app in Control Panel. Go to advanced tab. Expand Default Java for browsers. The checkbox next to IE is grayed out. Select Microsoft Internet Explorer and press spacebar so it is unchecked (no tick). Click OK. You can re-enable UAC and restart now. [QUOTE=omegasupreme1;37445102][B]Safari[/B]: Open Safari and click Safari | Preferences. Click the Security tab and uncheck Enable Java[/QUOTE]
Nevermind, I don't even have javascript installed on my chrome.
Disabled now...... Fuck those assholes they just wanna watch the world burn.
-snip- fuckin ninjas man
Done, thanks for posting.
Good thing Java has been telling me to update for well over a year now
-snip- cause -snap-
My Java never works in Firefox because I've got the 64-bit version (and Firefox is only [i]officially[/i] 32-bit) :v: Oh well, I hope it gets fixed relatively soon.
And I just updated Java yesterday so I could play runescape again shit
Thanks for the information, OP.
[QUOTE=VeniVidiVici74;37444993]Grow up and get chrome[/QUOTE] Okay what is that supposed to mean? Chrome is a piece of shit compared to firefox.
[QUOTE=Tobor;37445012]Okay what is that supposed to mean? Chrome is a piece of shit compared to firefox.[/QUOTE] They're both great browsers with pros and cons, ignore everyone.
[QUOTE=Tobor;37445012]Okay what is that supposed to mean? Chrome is a piece of shit compared to firefox.[/QUOTE] Don't even start. Both browsers are equally better than Internet explorer.
lol i panicked and then when i looked i dont even have java
[QUOTE=Tobor;37445012]Okay what is that supposed to mean? Chrome is a piece of shit compared to firefox.[/QUOTE] [I]opinions[/I]
manual updates reveals userfull this time
[QUOTE=Tobor;37445012]Okay what is that supposed to mean? Chrome is a piece of shit compared to firefox.[/QUOTE] This is a dumb thing to say. So is "grow up and get chrome".
[QUOTE=cwook;37445045][I]opinions[/I][/QUOTE] Can you use adblock and greasemonkey on chrome? No you can't, give me a reason why chrome is better I dare you.
[QUOTE=Tobor;37445066]Can you use adblock and greasemonkey on chrome? No you can't, give me a reason why chrome is better I dare you.[/QUOTE] Why the fuck does it matter what browser someone uses.
[QUOTE=Tobor;37445066]Can you use adblock and greasemonkey on chrome? No you can't, give me a reason why chrome is better I dare you.[/QUOTE] You can use adblock and greasemonkey scripts, your opinion is invalid
I fucking knew it. I got infected by this a few days ago through pingtest.net. [URL]http://www.facepunch.com/showthread.php?t=1206985[/URL] I have removed all the malware since, but I don't feel safe using the latest update, and I don't want to disable Java completely. Anyone got a link to version 6? EDIT: [QUOTE=UnknownDude;37445194]I found a download link for v6 if you are on v7 and need to roll back. [URL]http://www.freewarefiles.com/Java-Runtime-Environment-JRE-6_program_16852.html[/URL] Uninstall v7 from add/remove programs and install this.[/QUOTE]
[QUOTE=Tobor;37445066]Can you use adblock and greasemonkey on chrome? No you can't, give me a reason why chrome is better I dare you.[/QUOTE] Yes you can
[QUOTE=MrEndangered;37444967]Go to Control Panel > Java > About to check what version you have. Version 6 or below and you'll be fine. Shamelessly copied from Reddit: [B]In Firefox[/B]: Press Firefox button -> Add-ons, go to Plugins and click the "Disable" button next to anything named "Java". [B]In Chrome[/B]: Type in: "chrome://plugins/" into the address bar (no speech marks). Scroll down to Java and click disable. [B]In Opera[/B]: Type in "opera:plugins" into the address bar (no speech marks). Scroll down to: Java(TM) Platform <click on> Disable. Java Deployment Toolkit <click on> Disable. [B]In Internet Explorer[/B]: Disable UAC (if enabled) and restart. Open the Java app in Control Panel. Go to advanced tab. Expand Default Java for browsers. The checkbox next to IE is grayed out. Select Microsoft Internet Explorer and press spacebar so it is unchecked (no tick). Click OK. You can re-enable UAC and restart now.[/QUOTE] [B]Safari[/B]: Open Safari and click Safari | Preferences. Click the Security tab and uncheck Enable Java
[QUOTE=Swilly;37444971]Nevermind, I don't even have javascript installed on my chrome.[/QUOTE] You uhhh...can't uninstall JavaScript man. It's kinda part of the base of Chrome. You can disable it, but it would fuck so many sites up it's unreal.
Sorry, you need to Log In to post a reply to this thread.