This Just in [Java 7 vulnerability found]

Talk about whatever topic you'd like, RPG related or not. (But please discuss things related to our software in the Tools section, below.)

Moderators: dorpond, trevor, Azhrei

Post Reply
User avatar
Dervish
Giant
Posts: 121
Joined: Thu Sep 15, 2011 7:52 pm

This Just in [Java 7 vulnerability found]

Post by Dervish »

Last edited by aliasmask on Sat Jan 12, 2013 12:32 am, edited 1 time in total.
Reason: edited the header to be more descriptive

User avatar
aliasmask
RPTools Team
Posts: 9024
Joined: Tue Nov 10, 2009 6:11 pm
Location: Bay Area

Re: This Just in

Post by aliasmask »

I love the lack of detail in the article. Is it all java, the latest release, only when visiting suspect sites, all OSs...? Also, Google Chrome has it's own version of java built in to browser... is that effected? I wouldn't panic just yet, but I'll keep my eye open for details.

edit: More info

http://arstechnica.com/security/2013/01 ... -the-wild/

short version: Some sites may have exploits installed and works against java 7.

I still only have java 6.32 installed, so looks like I'm safe. For those worried, just uninstall java 7. You should have java 6.xx installed for using MT already, but if not, check the announcements for windows and java7 for a link to install java 6.

For those using Chrome and don't know if they have java and want to disable, you can type this: chrome://plugins/ and then disable.

User avatar
Dervish
Giant
Posts: 121
Joined: Thu Sep 15, 2011 7:52 pm

Re: This Just in [Java 7 vulnerability found]

Post by Dervish »

AM i am not panicking I found it thought it made for interesting news as it actually does affect our community, there have been a couple of follow on articles I am waiting to see if Oracle will man up and respond

User avatar
aliasmask
RPTools Team
Posts: 9024
Joined: Tue Nov 10, 2009 6:11 pm
Location: Bay Area

Re: This Just in [Java 7 vulnerability found]

Post by aliasmask »

Dervish wrote:AM i am not panicking I found it thought it made for interesting news as it actually does affect our community, there have been a couple of follow on articles I am waiting to see if Oracle will man up and respond
No, I appreciate your post and I was just a generalizing to the community at hand about not panicking due to the lack of detail in the first article. I would speculate the most vulnerable sites would be blog based, pr0n and those sites who don't have a professional team of IT people monitoring the site. So, people who visit those sites could have their password compromised or applets installed on their computer that may compromise their system. I'll be keeping an eye on the news about this. Since MT is java 6 based and the problem is with java 7, there should be any problems with MT.

User avatar
Jack of Spades
Kobold
Posts: 10
Joined: Tue Oct 02, 2007 11:16 pm
Contact:

Re: This Just in [Java 7 vulnerability found]

Post by Jack of Spades »

Looks like Oracle has patched the vulnerability – update here. At this point, were it not for MapTool, I'd uninstall Java altogether.
C. Lee Davis

User avatar
aliasmask
RPTools Team
Posts: 9024
Joined: Tue Nov 10, 2009 6:11 pm
Location: Bay Area

Re: This Just in [Java 7 vulnerability found]

Post by aliasmask »

I wonder if the wildcard problem and vulnerability had anything to do with one another? From the article, it sounds like the patch really isn't a patch, but a change in settings. I guess they'll fix it later.

User avatar
Jagged
Great Wyrm
Posts: 1306
Joined: Mon Sep 15, 2008 9:27 am
Location: Bristol, UK

Re: This Just in [Java 7 vulnerability found]

Post by Jagged »

Jack of Spades wrote:Looks like Oracle has patched the vulnerability – update here. At this point, were it not for MapTool, I'd uninstall Java altogether.
Have to say I am a little bit curious about the press coverage. This is hardly the first zero-day exploit and far from the worst. Still, Oracle do need to get their act together.

User avatar
Azhrei
Site Admin
Posts: 12086
Joined: Mon Jun 12, 2006 1:20 pm
Location: Tampa, FL

Re: This Just in [Java 7 vulnerability found]

Post by Azhrei »

Yeah, it's a bit annoying. Obviously, serious bugs should be fixed and fixed quickly -- and apparently Oracle didn't do too badly on this one.

But in that same linked article is an "Update" at the bottom that says, "Oh, btw... Microsoft's terribly bug-ridden browser has been patched to 'fully address' a separate security vulnerability which allowed remote code execution."

So why does one of a thousand serious bugs in IE get a small little update notice, but a single serious bug in Java gets "an article"?

(If I had a dime for every serious flaw in IE I'd be a rich man...)

User avatar
Jagged
Great Wyrm
Posts: 1306
Joined: Mon Sep 15, 2008 9:27 am
Location: Bristol, UK

Re: This Just in [Java 7 vulnerability found]

Post by Jagged »

I believe the "final" fix for this security issue will be issued on the 19th of Feb

Post Reply

Return to “General Discussion”