I would semi-trust the Java updaters, but honestly, I would be pushing Java 7 version 7 if you have a centralized platform for software updates. And if you don’t need Java on your systems for functionality, remove it altogether.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: David Lum [mailto:david....@nwea.org]
Sent: Friday, September 07, 2012 11:37 AM
To: NT System Admin Issues
Subject: RE: Java vulnerability Q

Thanks. If a user gets a message from the Java updater, should they accept it if it’s verified from Oracle, or is that potentially an exploit?

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, September 07, 2012 8:31 AM
To: NT System Admin Issues
Subject: RE: Java vulnerability Q

Most times it’s a keylogger or other malicious code downloaded from multiple sources that will hook processes, inject into other processes (legit) and try to remain persistent. If you can, disable Java invocation in the Internet Zone, which will stop the drive-bys for the time being.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Friday, September 07, 2012 11:14 AM
To: NT System Admin Issues
Subject: RE: Java vulnerability Q

The exploit is used to drop code on the target. That is how most of the exploits that you hear about are used. It isn’t that I use Java to get your password… I use Java to drop a keylogger on your box to get your password… for example. So you are looking for what they dropped.

From: David Lum [mailto:david....@nwea.org]
Sent: Friday, September 07, 2012 11:09 AM
To: NT System Admin Issues
Subject: Java vulnerability Q

If a system has been compromised by the latest Java exploit – how would someone know? What would you look for?

David Lum
Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog!
~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin