Jump to content

[exploit patched] Disable Java NOW, users told, as 0-day exploit hits web


Trey

Recommended Posts

If you're unsure the version of Java that you're running in Windows, open a command prompt and type "java -version"

 

Wonder how this affects macs, since crApple writes their own jre.

99 dungeoneering achieved, thanks to everyone that celebrated with me!

 

♪♪ Don't interrupt me as I struggle to complete this thought
Have some respect for someone more forgetful than yourself ♪♪

♪♪ And I'm not done
And I won't be till my head falls off ♪♪

Link to comment
Share on other sites

I was tried to hack with something like this couple weeks back. Was chatting with a RS "friend" on Skype when she wanted to show her bank picture. The link seemed okay, but when I clicked to the link (picture host) it asked me to allow java on this site. Obviously I declined, cause why would I need java to look at a picture? Afterwards I tried clicking to "other pictures from this user" to end up in some free webhosting site. It's really easy to fall in for something like this, so you really have to be very careful what you click and what you allow.

 

I obviously ran a PC scan soon afterwards, followed by changing passwords and such. Items are safe till to date.

u5zhkTY.gif

Link to comment
Share on other sites

If you're unsure the version of Java that you're running in Windows, open a command prompt and type "java -version"

 

Wonder how this affects macs, since crApple writes their own jre.

 

http://www.java.com/...d/installed.jsp is an easier way to check what version

 

It fully affects java under any PC OS: Windows, OSX, Linux, and possibly even Android.

 

 

The link seemed okay, but when I clicked to the link (picture host) it asked me to allow java on this site. Obviously I declined, cause why would I need java to look at a picture?

 

This exploit bypasses the need to request user permission, the instant you clicked the link you would have been owned.

You make it sound like running through a few level 87 monsters is hard which it really shouldn't be at your level.

riptide_mage.png

riptide_mage.png

Link to comment
Share on other sites

So its like a drive-by attack, but no script wont block it. *shrugs*

 

Fortunately I don't make a habbit of visiting even new sites, let alone dodge ones. I could also just revert by 3 versions until they decide to fix it.

Link to comment
Share on other sites

NoScript absolutely would prevent it, as NoScript flat out doesn't allow Java to run at all. Reverting to 3 versions ago though..is pointless. The current version is Java 7 update 6, this affects all versions of Java 7. Reverting to Java 6 would only make you even more vulnerable to exploits that were patched with Java 7.

You make it sound like running through a few level 87 monsters is hard which it really shouldn't be at your level.

riptide_mage.png

riptide_mage.png

Link to comment
Share on other sites

I wonder how I'll ever get any work done...we exclusively use Java. Oh wait, wrong version; shouldn't have to worry about this particular exploit...

 

I also didn't see any mention of if OpenJDK 7 was affected. It may be worth looking into (a guess says it may be), but if it isn't, then it's a pretty good alternative to Oracle JVM.

Linux User/Enthusiast Full-Stack Software Engineer | Stack Overflow Member | GIMP User
s1L0U.jpg
...Alright, the Elf City update lured me back to RS over a year ago.

Link to comment
Share on other sites

When I said reverting 3 versions, I was looking at my version number. Java doesn't upgrade until I tell it to. And if java cant run without javascript telling it to run, then perfect. No change.

Link to comment
Share on other sites

When I said reverting 3 versions, I was looking at my version number. Java doesn't upgrade until I tell it to. And if java cant run without javascript telling it to run, then perfect. No change.

 

Java and Javascript have (almost) nothing in common, besides the name, and the fact that they are both "programming" languages of a sort.

 

The above poster mis-understood the no-script plugin/extension. NoScript prevents Javascript, and it *might* be able to prevent Java as well, not sure. But that is a different setting.

Serena_Sedai.png
Maxed since Sunday, January 9th, 2014
Completionist since Wednesday, June 4th, 2014

Link to comment
Share on other sites

When I said reverting 3 versions, I was looking at my version number. Java doesn't upgrade until I tell it to. And if java cant run without javascript telling it to run, then perfect. No change.

 

Java and Javascript have (almost) nothing in common, besides the name, and the fact that they are both "programming" languages of a sort.

 

The above poster mis-understood the no-script plugin/extension. NoScript prevents Javascript, and it *might* be able to prevent Java as well, not sure. But that is a different setting.

 

Just to make it clear: "Java and Javascript are similar like Car and Carpet are similar." - Greg Hewgill

 

If you want to be absolutely sure, disable the plugin.

Linux User/Enthusiast Full-Stack Software Engineer | Stack Overflow Member | GIMP User
s1L0U.jpg
...Alright, the Elf City update lured me back to RS over a year ago.

Link to comment
Share on other sites

The above poster mis-understood the no-script plugin/extension. NoScript prevents Javascript, and it *might* be able to prevent Java as well, not sure. But that is a different setting.

I checked when it was first brought up yesterday, and it looks like there is an option to disable Java for untrusted sites.

Link to comment
Share on other sites

The above poster mis-understood the no-script plugin/extension. NoScript prevents Javascript, and it *might* be able to prevent Java as well, not sure. But that is a different setting.

I checked when it was first brought up yesterday, and it looks like there is an option to disable Java for untrusted sites.

 

Yup indeed, the first line on the noscript website:

 

The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
You make it sound like running through a few level 87 monsters is hard which it really shouldn't be at your level.

riptide_mage.png

riptide_mage.png

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.