Again, this has been the case since August. Thus the reason the DHS has now gotten involved. http://www.cert.org/blogs/certcc/2012/08/disabling_the_java_7_plug-in_o.html
This is an overstatement. JavaScript is the KING of security holes from using the internet. You know this. The OP's security alert is brand new. The August Java 7 alert has been fixed. You are not being fair to Oracle. When I said "I stand corrected," I was talking about how the DHS joined CERT in 2006 to create the US-CERT. However, CERT (Carnegie Mellon) is still the authority for creating most of the alerts that the govt (NIST and US-CERT) republish. I don't know this, but I hope DHS is merely organizing and sponsoring other security teams that already exist. These alerts would agree ... since they came from CERT. I certainly hope we are not paying for needless redundancy. That bug has been fixed. And if you follow Art's blogs, he is a wee bit overdramatic vs Will, who published these two Java alerts (the August one and this new one). Plus, note in this Chicago Tribune article, they mention how the German Govt published a recommendation to turn off IE back in Sept. Did DHS do that? No. And Germany said to wait for Microsoft to put out a fix. Oracle fixed the August bug, and will fix this new one, if they haven't already. What I'm saying is telling people to disable Java is like telling people to disable Flash, ActiveX, IE and JavaScript. Show CERT alerts that tell people to do that? JavaScript is the KING of vulnerabilities, and these will never go away, because the very existence of JavaScript allows this to occur. We should probably just tell people to DISABLE THE INTERNET NOW
So https://www1.gotomeeting.com/join/328679785 is not a website? I'm not sure where you are going with this, but GoToMeeting will not launch if you disable Java in your browser. Hell, the Chicago Tribune article in the OP even mentions this. It is completely irresponsible for Art Manion at CERT to say "Disable Java in Web-browsers NOW". The attack requires you to go (directly or indirectly) to an attacker's website, just like any web-based attack. This attack must be launched by malicious code. Telling people to disable GoToMeeting is absurd. The proper recommendation is to temporarily avoid all untrusted websites until Oracle puts out a fix.
I hope you're not making a statement about the Java language ... if so, I'm going to have to go Medieval on your ass. This discussion is about Java Applets, no? I'm not a fan of creating Java applets, but because of GtM, I still must have Java enabled in my browser or I can't do my work.
Um, for those of us who are not computer hacker/nerd types, and with kids who love Minecraft, what is the verdict here? In layman's terms, please. Thanks.
If your JRE is Java 6, you are not vulnerable. If you are Java 7, then you are. Your browser's Add-on page will tell you what version you are on. CERT says "please consider disabling Java within your browser." I say, if you don't need Java, then turn it off. But you do need it for Minecraft. You can still leave it on and be just fine. Tell everyone to avoid going to any untrusted web sites. You are not vulnerable unless you go to an evil site who wants to attack you. If you absolutely have to go to a p*rn site or a streaming NBA site, then simply disable Java temporarily and turn it back on for your kids. Upgrade your virus scanner, too. When Oracle fixes the bug, update your JRE. I suspect they will have a patch out this week, if not already. I'll post in this thread again, when the fix becomes available.
This just in, Oracle announces emergency patch is available now. The scare is over. Rashmon, go upgrade your kids' machines now, if you are on Java 7. http://news.cnet.com/8301-1009_3-57...es-software-update-to-fix-java-vulnerability/
Entire corporations depend on Cisco WebEx for their teleconferencing needs. Telling them to turn off Java is basically a disaster. IT departments around the country will have nightmares tomorrow.
Oracle has set Java ablaze and they lack any direction, but it'll still be around and used for the next 10 years. Java won't die. For enterprise and corporate stuff you have three bigs to choose from for reliability and scalability: Java, C++, and C#. There's also C, but there's a supply constraint on capable C coders. You can use something JVM related like Clojure, Scala or JRuby, but that still touches Java. Even with all the talk about Flash being obsolete, I'm thinking it'll stick around for 4-5 more years and will reinvent itself for HTML5. Oracle is full of r****ds...sending casual users to dev-centric pages with no support whatsoever. They're ****ing evil, namely its consultants and "support" departments, and I hope that company burns.
Yes. It was on my PC this morning and I ignored it. I, like you, need Java running to do my job. Blackboard (web-based course tool) uses its components for interaction, logging, etc., both on the browser and servers.
Looks like Firefox will provide a big warning upon starting it, and give you an update button. For everyone: Here are some instructions I sent around my office for Here's a link that works for both Firefox and Chrome to check your vulnerability. https://www.mozilla.org/en-US/plugincheck/ If your Java Plugin says "Vulnerable" then you have Java 7. Update it. If it says "Out of Date" then you have Java 6. You don't have to update it, unless you want to...you are not affected. For IE, go to Tools | Manage Add-ons. Look for Java and check your version. If you are 7, go here http://www.java.com/en/download/index.jsp
Java won't die like most technologies won't die, because management in corporate America is full of idiots. I go to clients weekly who are still running Windows NT and Windows 2000 servers. I also visit clients whose most important applications are 16-bit applications. The technological ineptness of upper level management knows no bounds. I know we have some Java programmers and lovers here, but like it or not, in-browser programming languages are the future. HTML 5 and other web frameworks are changing the game, and rightfully so. Flash is slowly dying, Microsoft has killed off Silverlight... now Java, we need to talk.
When you say "Java," you seem to mean "Java Applets"; otherwise, I have no idea why you are comparing Java to HTML 5, Flash and Silverlight. They are not comparable. Do you think the world of software will be completely overtaken by Browser-based application environments? Also, HTML5 is not really a programming language. It's mainly a larger set of tags and tag attributes, which you can then manipulate with JavaScript. In the end, HTML5 with JavaScript is not as robust as Java, C# and C++ programming languages. JavaScript is typeless, which makes maintaining code very difficult. While I agree that Java Applets could die soon, there is a reason why huge companies like Cisco and Citrix use them for their web-based communication software. It's more maintainable. But Java as a language dying? I don't see it.
Yes, sorry... I meant applets of course, I am an idiot for not clarifying that. Apologies. I think web-based apps are the future. Look at Google Chrome OS. I don't personally like Chrome OS, but it is a glimpse of the future. That future being the cloud. PCs will eventually be virtual machines run from the cloud, even your home PC. We're a few decades from there, but that is where it is going. Once bandwidth is not an issue, there's no reason for cloud not to be the future. People originally thought that storage would have been the issue, but we now know that's not the case. I'm well aware that HTML5+JavaScript isn't as robust as server-side languages... yet. Again, only referring to web-based apps and sites here. Obviously compiled programs are here for a long while.