Java 1.6.35 was released today and closes this vulnerability.
On Thu, Aug 30, 2012 at 5:21 PM, Aaron Sterling <sterl...@iastate.edu>wrote:
> I've been lurking on this list for a while, but this is a question I
> actually know the answer to.
>
> Things are *probably* ok if you update now, today, to the most recent
> version of Java (7 ver 7) and your browser (eg Firefox 15). Java website
> here:
>
> https://www.java.com/en/
>
> Also, it is good security policy overall, and essential right now, to use
> the NoScript addon. NoScript blocks all Java and Javascript, unless
> explicitly whitelisted.
>
> http://noscript.net/
>
> I also run Request Policy along with NoScript, but I am
> security-paranoid. For anyone who wants even more protection than
> NoScript, you can take a look at that addon. Request Policy breaks most
> web sites, so I won't link to it. It's a tool that's only for serious
> nerds.
>
> If you don't regularly visit a web site that requires Java, it's best to
> disable it completely for a while. In fact, the respected firm F-Security
> told all their clients to uninstall Java *months ago*. In the current
> threat landscape, Java exploits are much more dangerous than viruses,
> contrary to old-school "wisdom."
>
> Best,
>
> Aaron Sterling
>
> On Thu, Aug 30, 2012 at 5:08 PM, Peter Murray-Rust <pm...@cam.ac.uk>wrote:
>
>> Many of us use Java for code and some (e.g Jmol) use applets.
>>
>> Does anyone have any indication what we should do about
>> http://www.kb.cert.org/vuls/id/636312 ?
>>
>>
>> --
>> Peter Murray-Rust
>> Reader in Molecular Informatics
>> Unilever Centre, Dep. Of Chemistry
>> University of Cambridge
>> CB2 1EW, UK
>> +44-1223-763069
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Blueobelisk-discuss mailing list
>> Blueobelisk-discuss@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/blueobelisk-discuss
>>
>>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Blueobelisk-discuss mailing list
> Blueobelisk-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/blueobelisk-discuss
>
>
--
Robert M. Hanson
Larson-Anderson Professor of Chemistry
Chair, Chemistry Department
St. Olaf College
Northfield, MN
http://www.stolaf.edu/people/hansonr
If nature does not answer first what we want,
it is better to take what answer we get.
-- Josiah Willard Gibbs, Lecture XXX, Monday, February 5, 1900
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Blueobelisk-discuss mailing list
Blueobelisk-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/blueobelisk-discuss
