Jump to content

Java 0day in the wild


MPM

Recommended Posts

Hey folks,

There is currently a freshly released java exploit that allows people to remotely execute code on your system. More information can be found at http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-7000009713/

 

The code has already been included into exploit databases and exploit tools. So, be careful. It's suggested to disable java completely.

~M

Link to comment
Share on other sites

I would assume anyone using this exploit had bigger things in mind than RS accounts.

 

I would normally agree with you, but since this is already kitted, the script kiddies are going to have a field day with it.

~M

Link to comment
Share on other sites

One question, would this be able to bypass JAG?

In theory, yes. If a keylogger is dropped onto your computer and it grabs your email and rs passwords, then yes.

 

Edit: I may be incorrect. I'm not certain how JAG works. I thought it sent an email to you to confirm you had control of the computer. If this isn't the case, then no.

Edited by misplacedme

~M

Link to comment
Share on other sites

One question, would this be able to bypass JAG?

In theory, yes. If a keylogger is dropped onto your computer and it grabs your email and rs passwords, then yes.

 

Edit: I may be incorrect. I'm not certain how JAG works. I thought it sent an email to you to confirm you had control of the computer. If this isn't the case, then no.

 

It sends an email with an link to the site where you have to login and awnser some preset security questions

Calm_Koala.png

Link to comment
Share on other sites

It sends an email with an link to the site where you have to login and awnser some preset security questions

 

Ok, it's not like steam.

In that case, only if you've added that computer after you got keylogged.

~M

Link to comment
Share on other sites

Disable Java in browser and use the client.

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Link to comment
Share on other sites

There's always going to be exploits as it is with any programs. Heck we even get monthly windows update to fix that kind of exploits. Except when they're urgent to fix, then we get an urgent update that can happen anytime.

Link to comment
Share on other sites

More needless scare mongering.

 

Stay off dodgey sites, don't open suspicious attachments etc. = No threat at all from this.

Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

Link to comment
Share on other sites

Scare mongering implies he has some ulterior motive for spreading panic, which knowing MPM from when I worked on the Crew, would be very out of character to say the least and there appears to be no evidence on it here.

 

You might think it's 'over-cautious' perhaps, but 'scare mongering' is a really unfair accusation.

Link to comment
Share on other sites

The mere fact of posting it as a warning of something to look out for in gen diss opposed to tech, to me, qualifies as scare mongering as it implies we need to know about it in relation to rs; plus the article linked is very scare mongering.

Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

Link to comment
Share on other sites

Maybe I'm just not understanding the point, but If this 0day is so dangerous, why don't they just either fix the exploit in any form possible? (Changing coding slightly, updating java, etc.)

Link to comment
Share on other sites

Java seems to have had holes in it for the past long while. To sorta answer the above; java is used by almost everything across most operating systems, so it is a very very juicy target for hackers, and with so many people looking for the holes, they find them. It will get patched, and another hole will be found.

Link to comment
Share on other sites

So... Does this affect Java 6-series? :huh:

 

If not, I would say everyone should downgrade to the Latest Java 6 Update. It just seems to me that all the latest exploits only affect the Java 7-series platform. So it might be equally logical that if people stop using it and use the Latest Java 6-series until the bugs are fixed right, then we'll get a better Java 7-series for all. Geez, talk about newer not always being better. :-k

 

 

 

On less serious notes...

<<<Image: http://i.imgur.com/zDOM7.png>>>

 

Don't worry, Jagex already fixed it!

I joke, but... "End Of RuneScape", perhaps? Wouldn't be surprised if someone finally managed to end Jagex's game somewhat. :twss:

 

 

~D. V. "I don't think RS is even fully Java 7-series Compatible yet." Devnull

tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.