MPM Posted January 11, 2013 Share Posted January 11, 2013 Hey folks, There is currently a freshly released java exploit that allows people to remotely execute code on your system. More information can be found at http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-7000009713/ The code has already been included into exploit databases and exploit tools. So, be careful. It's suggested to disable java completely. ~M Link to comment Share on other sites More sharing options...
100 Posted January 11, 2013 Share Posted January 11, 2013 Panic Link to comment Share on other sites More sharing options...
ilovecuttingyews Posted January 11, 2013 Share Posted January 11, 2013 Notconcerned.jpg It seems this type of thread pops up every few months. I would assume anyone using this exploit had bigger things in mind than RS accounts. Link to comment Share on other sites More sharing options...
Popular Post Pirkka Posted January 11, 2013 Popular Post Share Posted January 11, 2013 Don't worry, Jagex already fixed it! 20 40,919th person to access Turmoil. 21,559th person to access Overloads. Are there any hidden bonuses here? No bonuses Link to comment Share on other sites More sharing options...
MPM Posted January 11, 2013 Author Share Posted January 11, 2013 I would assume anyone using this exploit had bigger things in mind than RS accounts. I would normally agree with you, but since this is already kitted, the script kiddies are going to have a field day with it. ~M Link to comment Share on other sites More sharing options...
brunokiller Posted January 11, 2013 Share Posted January 11, 2013 https://addons.mozilla.org/nl/firefox/addon/noscript/ 3 My blog Link to comment Share on other sites More sharing options...
ilovecuttingyews Posted January 11, 2013 Share Posted January 11, 2013 Yeah I just read the article. Just stay on trusted RS themed sites and I think people will be fine. But I guess it never hurts to protect yourself. One question, would this be able to bypass JAG? Link to comment Share on other sites More sharing options...
Celery n Corn Posted January 11, 2013 Share Posted January 11, 2013 Is this why all the worlds are offline? Link to comment Share on other sites More sharing options...
Calm Koala Posted January 11, 2013 Share Posted January 11, 2013 Is this why all the worlds are offline? Nah, Login server probably just crashed Link to comment Share on other sites More sharing options...
MPM Posted January 11, 2013 Author Share Posted January 11, 2013 (edited) One question, would this be able to bypass JAG?In theory, yes. If a keylogger is dropped onto your computer and it grabs your email and rs passwords, then yes. Edit: I may be incorrect. I'm not certain how JAG works. I thought it sent an email to you to confirm you had control of the computer. If this isn't the case, then no. Edited January 11, 2013 by misplacedme ~M Link to comment Share on other sites More sharing options...
Calm Koala Posted January 11, 2013 Share Posted January 11, 2013 One question, would this be able to bypass JAG?In theory, yes. If a keylogger is dropped onto your computer and it grabs your email and rs passwords, then yes. Edit: I may be incorrect. I'm not certain how JAG works. I thought it sent an email to you to confirm you had control of the computer. If this isn't the case, then no. It sends an email with an link to the site where you have to login and awnser some preset security questions Link to comment Share on other sites More sharing options...
MPM Posted January 11, 2013 Author Share Posted January 11, 2013 It sends an email with an link to the site where you have to login and awnser some preset security questions Ok, it's not like steam. In that case, only if you've added that computer after you got keylogged. ~M Link to comment Share on other sites More sharing options...
Mercifull Posted January 11, 2013 Share Posted January 11, 2013 Disable Java in browser and use the client. Mercifull <3 Suzi "We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12 Link to comment Share on other sites More sharing options...
Hobgoblinpie Posted January 11, 2013 Share Posted January 11, 2013 Some RS players might be feeling fresh air in their lungs today. Unspam: It's unfortunate, but I'm sure it'll be patched soon enough. POH Agility Course, Please Support! Link to comment Share on other sites More sharing options...
Kaur Posted January 11, 2013 Share Posted January 11, 2013 I still have java enabled, hack me. Link to comment Share on other sites More sharing options...
Calm Koala Posted January 11, 2013 Share Posted January 11, 2013 I still have java enabled, hack me. Rawr Link to comment Share on other sites More sharing options...
Ginger_Warrior Posted January 11, 2013 Share Posted January 11, 2013 I still have java enabled, hack me.[hide=Your portrait][/hide] 2 | Favourite Game Music | Last.fm | HYT Friend Chat Rules | Link to comment Share on other sites More sharing options...
Sbrideau Posted January 11, 2013 Share Posted January 11, 2013 There's always going to be exploits as it is with any programs. Heck we even get monthly windows update to fix that kind of exploits. Except when they're urgent to fix, then we get an urgent update that can happen anytime. Link to comment Share on other sites More sharing options...
Sy_Accursed Posted January 11, 2013 Share Posted January 11, 2013 More needless scare mongering. Stay off dodgey sites, don't open suspicious attachments etc. = No threat at all from this. Operation Gold Sparkles :: Chompy Kills :: Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA RewardsDragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue Link to comment Share on other sites More sharing options...
Ginger_Warrior Posted January 11, 2013 Share Posted January 11, 2013 Scare mongering implies he has some ulterior motive for spreading panic, which knowing MPM from when I worked on the Crew, would be very out of character to say the least and there appears to be no evidence on it here. You might think it's 'over-cautious' perhaps, but 'scare mongering' is a really unfair accusation. | Favourite Game Music | Last.fm | HYT Friend Chat Rules | Link to comment Share on other sites More sharing options...
Sy_Accursed Posted January 11, 2013 Share Posted January 11, 2013 The mere fact of posting it as a warning of something to look out for in gen diss opposed to tech, to me, qualifies as scare mongering as it implies we need to know about it in relation to rs; plus the article linked is very scare mongering. Operation Gold Sparkles :: Chompy Kills :: Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA RewardsDragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue Link to comment Share on other sites More sharing options...
Donnie Posted January 11, 2013 Share Posted January 11, 2013 Java 0day - news article about it. I guess calling it an exploit is less impressive? Link to comment Share on other sites More sharing options...
wolfmon56 Posted January 12, 2013 Share Posted January 12, 2013 Maybe I'm just not understanding the point, but If this 0day is so dangerous, why don't they just either fix the exploit in any form possible? (Changing coding slightly, updating java, etc.) Link to comment Share on other sites More sharing options...
wormy Posted January 12, 2013 Share Posted January 12, 2013 Java seems to have had holes in it for the past long while. To sorta answer the above; java is used by almost everything across most operating systems, so it is a very very juicy target for hackers, and with so many people looking for the holes, they find them. It will get patched, and another hole will be found. Link to comment Share on other sites More sharing options...
D. V. Devnull Posted January 12, 2013 Share Posted January 12, 2013 So... Does this affect Java 6-series? :huh: If not, I would say everyone should downgrade to the Latest Java 6 Update. It just seems to me that all the latest exploits only affect the Java 7-series platform. So it might be equally logical that if people stop using it and use the Latest Java 6-series until the bugs are fixed right, then we'll get a better Java 7-series for all. Geez, talk about newer not always being better. :-k On less serious notes...<<<Image: http://i.imgur.com/zDOM7.png>>> Don't worry, Jagex already fixed it!I joke, but... "End Of RuneScape", perhaps? Wouldn't be surprised if someone finally managed to end Jagex's game somewhat. :twss: ~D. V. "I don't think RS is even fully Java 7-series Compatible yet." Devnull and normally with a cool mind.(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now