Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Java Under Attack Again, Disable Now
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
1/15/2013 | 2:36:27 PM
re: Java Under Attack Again, Disable Now
No double standard. All software has flaws. This article is about Java, not about IE. You taking an opportunity to take a pot shot at MS is just plain annoying.

btw - the IE vulnerability has been patched at about the same time as Java 7 (with update 11).
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
1/14/2013 | 8:18:17 PM
re: Java Under Attack Again, Disable Now
My point is that several versions of IE have currently an unpatched zero-day vulnerability and nobody is screaming to disable IE now! Why the double standards?
LZM
50%
50%
LZM,
User Rank: Apprentice
1/14/2013 | 5:36:10 PM
re: Java Under Attack Again, Disable Now
...
and this is what happens when Open Source goes Corporate
...
Todd
50%
50%
Todd,
User Rank: Apprentice
1/13/2013 | 9:39:52 PM
re: Java Under Attack Again, Disable Now
You can't handle the truth son windows the worst OS out there hands down the worst operating system known to man it a joke!
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
1/13/2013 | 5:56:00 PM
re: Java Under Attack Again, Disable Now
I beg to differ on one point you made.
The Java programming language was developed BEFORE Javascript. JS is based in part on the Java programming language created by James Gosling at Sun Micro in the early 90's. Netscape developed Javascript and released it in 1995 in prototype form.
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
1/13/2013 | 4:00:24 PM
re: Java Under Attack Again, Disable Now
Point of comprehension. I did not say that the two were one and the same. However, Java apps are downloaded and run with a browser. Right? So, disable the plugin for the browser and/or uninstall the framework altogether from Programs and Features.
Vance Morgan
50%
50%
Vance Morgan,
User Rank: Apprentice
1/13/2013 | 11:33:22 AM
re: Java Under Attack Again, Disable Now
99.9% of statistics are made up on the spot.
There are lies, damned lies, statistics, and then their are statistics from random people on the Internet.
Vance Morgan
50%
50%
Vance Morgan,
User Rank: Apprentice
1/13/2013 | 11:26:57 AM
re: Java Under Attack Again, Disable Now
Exactly, they are vastly different. JavaScript is a scripting language designed to enhance web sites. Nearly every web site uses JavaScript. This Disqus comment system uses JavaScript.

Java, on the other hand, was created AFTER JavaScript by an entirely different entity (Sun Microsystems at the time). It's purpose is quite different. The only thing similar between them is that they happen to both have "java" in their names.
Todd
50%
50%
Todd,
User Rank: Apprentice
1/13/2013 | 1:27:19 AM
re: Java Under Attack Again, Disable Now
People bottom line with viruses if your using Microsoft Windows your about 99.9% chance to get any virus on the internet. If you use Mac OS X your about 50% chance to get a virus. If you use Linux or Ubuntu your about 10% chance or lower to get a virus on the internet. I say do the math people.......
Dirty Harry
50%
50%
Dirty Harry,
User Rank: Apprentice
1/12/2013 | 9:40:09 PM
re: Java Under Attack Again, Disable Now
This is getting old! When is Java going to get it's act together regarding security issues? By the way, do I need to disable Java in the Java Control Panel or just as a Plug in?
Page 1 / 2   >   >>


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I've never actually seen the corporate ladder before.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18898
PUBLISHED: 2020-01-23
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14...
CVE-2019-19837
PUBLISHED: 2020-01-23
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.
CVE-2020-7210
PUBLISHED: 2020-01-23
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
CVE-2019-19835
PUBLISHED: 2020-01-23
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI.
CVE-2020-5216
PUBLISHED: 2020-01-23
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seei...