Anyone using Java RDP for remote access at work, i.e. lots of people. Chris Campbell ------------------------ 07742123443
On 29 Mar 2013, at 10:33, Alex Kornilov <[email protected]> wrote: > On 3/26/13 9:11 PM, Neil Cooler wrote: >> The primary risk of Java vulnerabilities is drive-by attacks in the >> browser. The browser will usually execute any Java applet it is told >> to execute by the webpage. >> >> If you have it disabled in the browser, some vulnerabilities are still >> potentially exploitable, but the attack vector changes. Rather than >> entice you to click on a link that has the malicious Java file, or to >> set up a watering hole attack on a site you're likely to visit, the >> attacker has to find some way of getting you to download and execute >> his malicious file, which would involve significantly more social >> engineering, or he has to have local access to the system in order to >> run the file himself. At which point, you've most likely already >> lost. >> >> It is very unlikely that a tool like Jdownloader would be exposed to >> these types of vulnerabilities. You still should be concerned about >> any flaws inherent in the specific code written for Jdownloader and >> keep an eye on the NVD for known weaknesses as with any other client >> application. But the beef the Infosec industry has with Java is >> almost exclusively with Java applets running amok in the browser. > thank you. Now everything clear. But who needs java applets in 2013? > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
