Bitcoin Forum
November 21, 2017, 06:00:43 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Computer Users to Disable Java (Important News)  (Read 1923 times)
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1358


Bitcoin: An Idea Worth Spending


View Profile
January 12, 2013, 07:35:44 AM
 #1

http://www.nbclosangeles.com/news/local/US-Government-Department-of-Homeland-Security-Tells-Computer-Users-to-Disable-Java-186580121.html

Quote
Computer users are being advised by the U.S. Department of Homeland Security to temporarily disable the Java software on their computers to avoid potential hacking attacks.

I'm ignorant on stuff like this, but deemed it important for the community.

NITE, ALL! (for real this time)
1511287243
Hero Member
*
Offline Offline

Posts: 1511287243

View Profile Personal Message (Offline)

Ignore
1511287243
Reply with quote  #2

1511287243
Report to moderator
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511287243
Hero Member
*
Offline Offline

Posts: 1511287243

View Profile Personal Message (Offline)

Ignore
1511287243
Reply with quote  #2

1511287243
Report to moderator
1511287243
Hero Member
*
Offline Offline

Posts: 1511287243

View Profile Personal Message (Offline)

Ignore
1511287243
Reply with quote  #2

1511287243
Report to moderator
John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1190


Will read PM's. Have more time lately


View Profile
January 12, 2013, 07:39:52 AM
 #2

http://www.nbclosangeles.com/news/local/US-Government-Department-of-Homeland-Security-Tells-Computer-Users-to-Disable-Java-186580121.html

Quote
Computer users are being advised by the U.S. Department of Homeland Security to temporarily disable the Java software on their computers to avoid potential hacking attacks.

I'm ignorant on stuff like this, but deemed it important for the community.

NITE, ALL! (for real this time)
I never run Chrome with Java or other plugins active.

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
January 12, 2013, 07:47:54 AM
 #3

Interesting they only mention disabling it on computers - I'm pretty sure many late model phones use Java too.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
January 12, 2013, 08:08:21 AM
 #4

Quote
Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) (1/10/2013)

A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a “drive-by download” attack).

Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors.

Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
conspirosphere.tk
Legendary
*
Offline Offline

Activity: 2198


Revolution will be decentralized


View Profile
January 12, 2013, 08:54:22 AM
 #5

Chrome disable instructions
Open Chrome and type chrome://plugins into the location bar.
Click Disable underneath the Java plugin.

Firefox disable instructions
Open Firefox and click the Firefox button -> Add-ons (Tools -> Add-ons in Linux, OS X and Windows XP).
Choose the Plugins tab.
Select the Java plugin(s) and click disable.

Internet Explorer disable instructions
http://nakedsecurity.sophos.com/how-to-disable-java-internet-explorer/
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2842


View Profile
January 12, 2013, 09:00:22 AM
 #6

Oracle's JRE is terrible. Security vulnerabilities are found all the time. Someone should write a more secure replacement. Flash, too.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
TradeFortress
VIP
Legendary
*
Offline Offline

Activity: 910


View Profile
January 12, 2013, 10:50:09 AM
 #7

Oracle's JRE is terrible. Security vulnerabilities are found all the time. Someone should write a more secure replacement. Flash, too.

Flash is a lot safer than Java. Adobe needs:

1) multithread it, add some highly requested features by devs
2) squeeze out more performance out of the vm
3) open source a lot of the code, so foss people feel happy and don't scramble to HTML5

But java is notoriously insecure. Most people probably would've uninstalled Java if not for Minecraft.
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1358


Bitcoin: An Idea Worth Spending


View Profile
January 12, 2013, 02:12:25 PM
 #8

http://www.nbclosangeles.com/news/local/US-Government-Department-of-Homeland-Security-Tells-Computer-Users-to-Disable-Java-186580121.html

Quote
Computer users are being advised by the U.S. Department of Homeland Security to temporarily disable the Java software on their computers to avoid potential hacking attacks.

I'm ignorant on stuff like this, but deemed it important for the community.

NITE, ALL! (for real this time)
I never run Chrome with Java or other plugins active.

Won't that cause me to not be able to view YouTube videos?
vampire
Hero Member
*****
Offline Offline

Activity: 574



View Profile
January 12, 2013, 02:41:00 PM
 #9

Oracle's JRE is terrible. Security vulnerabilities are found all the time. Someone should write a more secure replacement. Flash, too.

Flash is a lot safer than Java. Adobe needs:

1) multithread it, add some highly requested features by devs
2) squeeze out more performance out of the vm
3) open source a lot of the code, so foss people feel happy and don't scramble to HTML5

But java is notoriously insecure. Most people probably would've uninstalled Java if not for Minecraft.

I don't hear that often that java was compromised on the server side. Yea, when my browser tries to run an applet, it bitches first - do you really want to run this applet... Then simply gives up since Chrome on OSX wont work with 64 bit java.

With HTML5 you don't need applets, kill them already.
vampire
Hero Member
*****
Offline Offline

Activity: 574



View Profile
January 12, 2013, 02:42:17 PM
 #10

Interesting they only mention disabling it on computers - I'm pretty sure many late model phones use Java too.

Doesn't work on the phone or the server (i dont think phones run applets) It's exploits targeting the sandbox of the browser, by breaking out with a class loader attack.
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
January 12, 2013, 04:26:24 PM
 #11

I never run Chrome with Java or other plugins active.

Won't that cause me to not be able to view YouTube videos?

You may be confusing Javascript with Java applets. Even Flash is not required for all youtube videos (but it is for many), just enable html5 at https://www.youtube.com/html5
 

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
nebulus
Hero Member
*****
Offline Offline

Activity: 490


... it only gets better...


View Profile
January 12, 2013, 05:26:31 PM
 #12

I do not think Oracle will ever get rid of issues like the last one.
Java is an interpreted language and the bottom line is this.

Program is modified at run-time in an interpreted language.

This is a backdoor in itself. For security/privacy sake do not use anything Java.

To me, Java is a language to explain programming concepts and not something to back serious infrastructure like the internet.

The whole interoperability argument is wrong. There are many reasons why.
Coders are just not proficient enough to make ports of their software written in compiled language to different places probably because they do not understand what coding really is.

Java is just a modern day buzz word.

jwzguy
Hero Member
*****
Offline Offline

Activity: 868



View Profile
January 12, 2013, 05:31:58 PM
 #13

https://bitcointalk.org/index.php?topic=135819.0

19wXnWTeGuraN9g5UsMAi119sWzDCQcr7S
Bitcoin Logo shirts!
dancupid
Hero Member
*****
Offline Offline

Activity: 956



View Profile
January 12, 2013, 05:33:38 PM
 #14

What about minecraft? What about my house?
I have several Klein Stars fully loaded with EMC - it seems so unfair.
nebulus
Hero Member
*****
Offline Offline

Activity: 490


... it only gets better...


View Profile
January 12, 2013, 06:39:54 PM
 #15

I do not think Oracle will ever get rid of issues like the last one.
Java is an interpreted language and the bottom line is this.

Program is modified at run-time in an interpreted language.

This is a backdoor in itself. For security/privacy sake do not use anything Java.

To me, Java is a language to explain programming concepts and not something to back serious infrastructure like the internet.

The whole interoperability argument is wrong. There are many reasons why.
Coders are just not proficient enough to make ports of their software written in compiled language to different places probably because they do not understand what coding really is.

Java is just a modern day buzz word.

You do undertand that you haven't made a single coherent argument.

Java is a compiled language. Interpreted languages are PHP / Ruby / Perl.
Java is old, so it cannot be a modern day buzz word. Ruby is a modern day buzzword.

You have no fucking clue what is the software development.

Okay, clever software developer, you...
 
Of course, you know that compiled languages generate machine code from source. Java does not do that.
Java "compiler" (clearly a misnomer) makes bytecode which then is processed in the JRE before it goes into the CPU. This JRE step is what make JAVA an interpreted language.

Why do you get so offended when people say the right thing?


fcmatt
Legendary
*
Offline Offline

Activity: 1190



View Profile
January 12, 2013, 07:08:51 PM
 #16

One cannot avoid java in the corporate world.... Slowly tho it is changing.

██
█║█
║║║
║║║
█║█
██
'BTC MULTI-WALLET SOON'
▬▬▬▬ Download WHITEPAPER ▬▬▬▬

                    ▄██▄
                  ▄██████▄
                ▄██████████
              ▄██████████▀   ▄▄
            ▄██████████▀   ▄████▄
          ▄██████████▀    ████████▄
         ██████████▀      ▀████████
         ▀███████▀   ▄███▄  ▀████▀   ▄█▄
    ▄███▄  ▀███▀   ▄███████▄  ▀▀   ▄█████▄
  ▄███████▄      ▄██████████     ▄█████████
  █████████    ▄██████████▀    ▄██████████▀
   ▀█████▀   ▄██████████▀    ▄██████████▀
     ▀▀▀   ▄██████████▀    ▄██████████▀
          ██████████▀    ▄██████████▀
          ▀███████▀      █████████▀
            ▀███▀   ▄██▄  ▀█████▀
                  ▄██████▄  ▀▀▀
                  █████████
                   ▀█████▀
                     ▀▀▀
e i d o o
██

███▀▀
▐▐▌
▐▌
▐▌
▐▐▌
███▄▄
▀▀███
▐▌▌
▐▌
▐▌
▐▌▌
▄▄███
vampire
Hero Member
*****
Offline Offline

Activity: 574



View Profile
January 12, 2013, 10:35:08 PM
 #17

Okay, clever software developer, you...
 
Of course, you know that compiled languages generate machine code from source. Java does not do that.
Java "compiler" (clearly a misnomer) makes bytecode which then is processed in the JRE before it goes into the CPU. This JRE step is what make JAVA an interpreted language.

Why do you get so offended when people say the right thing?



JVM is using JIT to generate "machine" code on the fly, go enable the interpreter. JIT code is even better than static compiling like C++. Duh. Even damn processors don't even use the machines code directly, they translate it right away and optimize it.

Java is very close to the performance of C++, in some things java is MUCH faster.

So basically you no fucking clue what you talk about.

JRE? May you meant JVM? Yea, clueless.

nebulus
Hero Member
*****
Offline Offline

Activity: 490


... it only gets better...


View Profile
January 13, 2013, 12:02:53 AM
 #18

Okay, clever software developer, you...
 
Of course, you know that compiled languages generate machine code from source. Java does not do that.
Java "compiler" (clearly a misnomer) makes bytecode which then is processed in the JRE before it goes into the CPU. This JRE step is what make JAVA an interpreted language.

Why do you get so offended when people say the right thing?



JVM is using JIT to generate "machine" code on the fly, go enable the interpreter. JIT code is even better than static compiling like C++. Duh. Even damn processors don't even use the machines code directly, they translate it right away and optimize it.

Java is very close to the performance of C++, in some things java is MUCH faster.

So basically you no fucking clue what you talk about.

JRE? May you meant JVM? Yea, clueless.



1. My argument is not about performance. My argument is about Java's security. Why would you take performance over security in a networked world?
2. JVM is a part of JRE (Java Runtime Environment) - just so you know...

Now, imagine a scenario in which a PC runs 10 network/non-network applications written in C and a PC that runs 10 network/non-network applications written in Java.

A hacker only has to breach the java machine once and he can get access to all applications.
On contrary though, a hacker has to breach 10 applications on a C machine.

In reality, Java does not have anything to offer the world besides the " possibly hyped up" JVM. Java is good for learning programming.



vampire
Hero Member
*****
Offline Offline

Activity: 574



View Profile
January 13, 2013, 12:11:35 AM
 #19

1. My argument is not about performance. My argument is about Java's security. Why would you take performance over security in a networked world?
Are you saying that Java is insecure or the browser's sandbox? Java was never designed to run within a browser, it's like running a C++ application in a browser. Java applets are horrible, kill these. Java/JVM are awesome.



2. JVM is a part of JRE (Java Runtime Environment) - just so you know...

it's also part of Scala, JRuby and etc. And they don't include JRE. Just so you know.... They use JRE name, so because you know it doesn't include any development stuff, like JDK... Duh.

In reality, Java does not have anything to offer the world besides JVM which is a layer where all the security problems happens.

Huh? I think you have no idea what you're talking about. Java is one the best languages out there, C# may be slight better designed. But it doesn't run on 100 platforms. And these securities issues, wasn't just a bitcoin site hacked because of Ruby on Rails? And the best online wallet runs on Java??? LOL.


Now, image a scenario in which a PC runs 10 network/non-network applications written in C and a PC that runs 10 network/non-network applications written in Java.

Java was always faster than C in network handling code. That's because there is no centralized network handling library like in Java.


A hacker only has to breach the java machine once and he can get access to all applications.
On contrary though, a hacker has to breach 10 applications on a C machine.

Java is good for learning programming.

LOL I don't know what you just wrote. In C/Java you just need breach one layer, it's called "uid 0"

Keep posting these dumb facts, it's entertains me.

nebulus
Hero Member
*****
Offline Offline

Activity: 490


... it only gets better...


View Profile
January 13, 2013, 12:49:03 AM
 #20

Thanks, I'm done.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!