Re: [BlueObelisk-discuss] Java Vulnerability Note VU#636312

Thu, 30 Aug 2012 15:47:20 -0700 

I've been lurking on this list for a while, but this is a question I
actually know the answer to.

Things are *probably* ok if you update now, today, to the most recent
version of Java (7 ver 7) and your browser (eg Firefox 15).  Java website
here:

https://www.java.com/en/

Also, it is good security policy overall, and essential right now, to use
the NoScript addon.  NoScript blocks all Java and Javascript, unless
explicitly whitelisted.

http://noscript.net/

I also run Request Policy along with NoScript, but I am security-paranoid.
For anyone who wants even more protection than NoScript, you can take a
look at that addon.  Request Policy breaks most web sites, so I won't link
to it.  It's a tool that's only for serious nerds.

If you don't regularly visit a web site that requires Java, it's best to
disable it completely for a while.  In fact, the respected firm F-Security
told all their clients to uninstall Java *months ago*.  In the current
threat landscape, Java exploits are much more dangerous than viruses,
contrary to old-school "wisdom."

Best,

Aaron Sterling

On Thu, Aug 30, 2012 at 5:08 PM, Peter Murray-Rust <pm...@cam.ac.uk> wrote:

> Many of us use Java for code and some (e.g Jmol) use applets.
>
> Does anyone have any indication what we should do about
> http://www.kb.cert.org/vuls/id/636312 ?
>
>
> --
> Peter Murray-Rust
> Reader in Molecular Informatics
> Unilever Centre, Dep. Of Chemistry
> University of Cambridge
> CB2 1EW, UK
> +44-1223-763069
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Blueobelisk-discuss mailing list
> Blueobelisk-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/blueobelisk-discuss
>
>

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Blueobelisk-discuss mailing list
Blueobelisk-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/blueobelisk-discuss

Reply via email to