|
|
|
|
|
|
|
Even if you use Bitcoin through Tor, the way transactions are handled by the network makes anonymity difficult to achieve. Do not expect your transactions to be anonymous unless you really know what you're doing.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
 Offline
Activity: 1288
Merit: 1226
Away on an extended break
|
 |
January 12, 2013, 07:39:52 AM |
|
I never run Chrome with Java or other plugins active. |
|
|
|
|
|
repentance
|
|
January 12, 2013, 07:47:54 AM |
|
Interesting they only mention disabling it on computers - I'm pretty sure many late model phones use Java too.
|
All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
|
|
|
|
niko
|
|
January 12, 2013, 08:08:21 AM |
|
Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) (1/10/2013)
A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a “drive-by download” attack).
Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors.
Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available.
|
They're there, in their room.
Your mining rig is on fire, yet you're very calm.
|
|
|
conspirosphere.tk
Legendary
Offline
Activity: 2352
Merit: 1064
Bitcoin is antisemitic
|
|
January 12, 2013, 08:54:22 AM |
|
Chrome disable instructions Open Chrome and type chrome://plugins into the location bar. Click Disable underneath the Java plugin. Firefox disable instructions Open Firefox and click the Firefox button -> Add-ons (Tools -> Add-ons in Linux, OS X and Windows XP). Choose the Plugins tab. Select the Java plugin(s) and click disable. Internet Explorer disable instructions http://nakedsecurity.sophos.com/how-to-disable-java-internet-explorer/ |
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5194
Merit: 12985
|
|
January 12, 2013, 09:00:22 AM |
|
Oracle's JRE is terrible. Security vulnerabilities are found all the time. Someone should write a more secure replacement. Flash, too.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
January 12, 2013, 10:50:09 AM |
|
Oracle's JRE is terrible. Security vulnerabilities are found all the time. Someone should write a more secure replacement. Flash, too.
Flash is a lot safer than Java. Adobe needs: 1) multithread it, add some highly requested features by devs 2) squeeze out more performance out of the vm 3) open source a lot of the code, so foss people feel happy and don't scramble to HTML5 But java is notoriously insecure. Most people probably would've uninstalled Java if not for Minecraft. |
|
|
|
|
Phinnaeus Gage (OP)
Legendary
Offline
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
|
|
January 12, 2013, 02:12:25 PM |
|
I never run Chrome with Java or other plugins active. Won't that cause me to not be able to view YouTube videos? |
|
|
|
|
|
vampire
|
|
January 12, 2013, 02:41:00 PM |
|
Oracle's JRE is terrible. Security vulnerabilities are found all the time. Someone should write a more secure replacement. Flash, too.
Flash is a lot safer than Java. Adobe needs: 1) multithread it, add some highly requested features by devs 2) squeeze out more performance out of the vm 3) open source a lot of the code, so foss people feel happy and don't scramble to HTML5 But java is notoriously insecure. Most people probably would've uninstalled Java if not for Minecraft. I don't hear that often that java was compromised on the server side. Yea, when my browser tries to run an applet, it bitches first - do you really want to run this applet... Then simply gives up since Chrome on OSX wont work with 64 bit java. With HTML5 you don't need applets, kill them already. |
|
|
|
|
|
vampire
|
|
January 12, 2013, 02:42:17 PM |
|
Interesting they only mention disabling it on computers - I'm pretty sure many late model phones use Java too.
Doesn't work on the phone or the server (i dont think phones run applets) It's exploits targeting the sandbox of the browser, by breaking out with a class loader attack. |
|
|
|
|
|
niko
|
|
January 12, 2013, 04:26:24 PM |
|
I never run Chrome with Java or other plugins active.
Won't that cause me to not be able to view YouTube videos? You may be confusing Javascript with Java applets. Even Flash is not required for all youtube videos (but it is for many), just enable html5 at https://www.youtube.com/html5 |
They're there, in their room.
Your mining rig is on fire, yet you're very calm.
|
|
|
|
nebulus
|
|
January 12, 2013, 05:26:31 PM |
|
I do not think Oracle will ever get rid of issues like the last one.
Java is an interpreted language and the bottom line is this.
Program is modified at run-time in an interpreted language.
This is a backdoor in itself. For security/privacy sake do not use anything Java.
To me, Java is a language to explain programming concepts and not something to back serious infrastructure like the internet.
The whole interoperability argument is wrong. There are many reasons why.
Coders are just not proficient enough to make ports of their software written in compiled language to different places probably because they do not understand what coding really is.
Java is just a modern day buzz word.
|
|
|
|
|
jwzguy
|
|
January 12, 2013, 05:31:58 PM |
|
|
|
|
|
|
|
dancupid
|
|
January 12, 2013, 05:33:38 PM |
|
What about minecraft? What about my house?
I have several Klein Stars fully loaded with EMC - it seems so unfair.
|
|
|
|
|
|
nebulus
|
|
January 12, 2013, 06:39:54 PM |
|
I do not think Oracle will ever get rid of issues like the last one.
Java is an interpreted language and the bottom line is this.
Program is modified at run-time in an interpreted language.
This is a backdoor in itself. For security/privacy sake do not use anything Java.
To me, Java is a language to explain programming concepts and not something to back serious infrastructure like the internet.
The whole interoperability argument is wrong. There are many reasons why.
Coders are just not proficient enough to make ports of their software written in compiled language to different places probably because they do not understand what coding really is.
Java is just a modern day buzz word.
You do undertand that you haven't made a single coherent argument. Java is a compiled language. Interpreted languages are PHP / Ruby / Perl. Java is old, so it cannot be a modern day buzz word. Ruby is a modern day buzzword. You have no fucking clue what is the software development. Okay, clever software developer, you... Of course, you know that compiled languages generate machine code from source. Java does not do that. Java "compiler" (clearly a misnomer) makes bytecode which then is processed in the JRE before it goes into the CPU. This JRE step is what make JAVA an interpreted language. Why do you get so offended when people say the right thing? |
|
|
|
fcmatt
Legendary
Offline
Activity: 2072
Merit: 1001
|
|
January 12, 2013, 07:08:51 PM |
|
One cannot avoid java in the corporate world.... Slowly tho it is changing.
|
|
|
|
|
|
vampire
|
|
January 12, 2013, 10:35:08 PM |
|
Okay, clever software developer, you...
Of course, you know that compiled languages generate machine code from source. Java does not do that.
Java "compiler" (clearly a misnomer) makes bytecode which then is processed in the JRE before it goes into the CPU. This JRE step is what make JAVA an interpreted language.
Why do you get so offended when people say the right thing?
JVM is using JIT to generate "machine" code on the fly, go enable the interpreter. JIT code is even better than static compiling like C++. Duh. Even damn processors don't even use the machines code directly, they translate it right away and optimize it. Java is very close to the performance of C++, in some things java is MUCH faster. So basically you no fucking clue what you talk about. JRE? May you meant JVM? Yea, clueless. |
|
|
|
|
|
nebulus
|
|
January 13, 2013, 12:02:53 AM |
|
Okay, clever software developer, you...
Of course, you know that compiled languages generate machine code from source. Java does not do that.
Java "compiler" (clearly a misnomer) makes bytecode which then is processed in the JRE before it goes into the CPU. This JRE step is what make JAVA an interpreted language.
Why do you get so offended when people say the right thing?
JVM is using JIT to generate "machine" code on the fly, go enable the interpreter. JIT code is even better than static compiling like C++. Duh. Even damn processors don't even use the machines code directly, they translate it right away and optimize it. Java is very close to the performance of C++, in some things java is MUCH faster. So basically you no fucking clue what you talk about. JRE? May you meant JVM? Yea, clueless. 1. My argument is not about performance. My argument is about Java's security. Why would you take performance over security in a networked world? 2. JVM is a part of JRE (Java Runtime Environment) - just so you know... Now, imagine a scenario in which a PC runs 10 network/non-network applications written in C and a PC that runs 10 network/non-network applications written in Java. A hacker only has to breach the java machine once and he can get access to all applications. On contrary though, a hacker has to breach 10 applications on a C machine. In reality, Java does not have anything to offer the world besides the " possibly hyped up" JVM. Java is good for learning programming. |
|
|
|
|
vampire
|
|
January 13, 2013, 12:11:35 AM |
|
1. My argument is not about performance. My argument is about Java's security. Why would you take performance over security in a networked world?
Are you saying that Java is insecure or the browser's sandbox? Java was never designed to run within a browser, it's like running a C++ application in a browser. Java applets are horrible, kill these. Java/JVM are awesome. 2. JVM is a part of JRE (Java Runtime Environment) - just so you know...
it's also part of Scala, JRuby and etc. And they don't include JRE. Just so you know.... They use JRE name, so because you know it doesn't include any development stuff, like JDK... Duh. In reality, Java does not have anything to offer the world besides JVM which is a layer where all the security problems happens.
Huh? I think you have no idea what you're talking about. Java is one the best languages out there, C# may be slight better designed. But it doesn't run on 100 platforms. And these securities issues, wasn't just a bitcoin site hacked because of Ruby on Rails? And the best online wallet runs on Java??? LOL. Now, image a scenario in which a PC runs 10 network/non-network applications written in C and a PC that runs 10 network/non-network applications written in Java.
Java was always faster than C in network handling code. That's because there is no centralized network handling library like in Java. A hacker only has to breach the java machine once and he can get access to all applications.
On contrary though, a hacker has to breach 10 applications on a C machine.
Java is good for learning programming.
LOL I don't know what you just wrote. In C/Java you just need breach one layer, it's called "uid 0" Keep posting these dumb facts, it's entertains me. |
|
|
|
|
|
nebulus
|
|
January 13, 2013, 12:49:03 AM |
|
Thanks, I'm done.
|
|
|
|
|
