RE: Java 7 0day actively exploited in the wild | BeyondTrust
I've implemented the Internet zone disable as well. This protects against the tag. This does not protect against activeX object usage in the Internet zone - tag. The bulk of the registry settings recommended (CERT/Microsoft) are to make the make the Java activeX objects unsafe for invocation - Internet Explorer cannot use those objects in any way and therefore does this for all zones - which is a problem for us. Without knowing which activeX objects we are actually using (and by no means do we know all the java apps we are using in the enterprise and if they are invoked by the OBJECT tag) it would be hard to know which of the objects to disable. So we have not disabled them. The java objects presumably are properly signed thus other Internet zone settings cannot be used to protect the Internet zone. We are not about to implement activeX object whitelisting due to the effort involved to make this happen. I wish there was a registry of applications, listing the activeX objects used, which every software vendor regularly maintained. Regarding the JNLP file associations - ie. applets can be downloaded and then run (local machine zone now). The unexpected download prompt might be enough to protect most people - although truly I do not really believe this from past experience - there are many users that will happily click on through - they are experts at their job function but not necessarily so with computers. Adjusting the file association we will probably implement. This will have to be a regular maintenance item as new JVM versions will likely "fix" the file association. From: Sam Cayze [mailto:sca...@gmail.com] Sent: Friday, January 25, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust This is exactly what we have done. Thanks. Good to hear others recommend it. From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 25, 2013 10:09 AM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust If it is over the internet...add that site to trusted and disable java in the 'internet zone'. http://blogs.msdn.com/b/ieinternals/archive/2011/05/15/controlling-java-in-internet-explorer.aspx From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Friday, January 25, 2013 11:04 AM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust Be advised that the primary vector for Java exploits into an organization is via the web browser plugin. So, unless your B2B app is over the public network, or requires that the browser plugin be operational, you have some measure of risk reduction. ASB http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker> Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market... On Tue, Jan 15, 2013 at 1:21 PM, Sam Cayze mailto:sca...@gmail.com>> wrote: >>>Does the reward outweigh the risk? The reward is we get to stay in business :) We have a major partner that requires us to run it for a B2B app. So, we have to use it. But I've made it so just one user uses that app. That and the occasional WebEx stuff, but I uninstall it from people's PCs right afterwards. So looks like 6 is now the flavor of the month. Hard to keep track. Speaking of months, v6 is EOL in FEB. We'll no longer have the options between 6 and 7 going forward to sidestep all these issues :( Sam -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>] Sent: Tuesday, January 15, 2013 12:10 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Correct, but 6 is vulnerable to it's own set of exploits that were never fixed and they are well known. Arguably the bad guys are paying more attention to attacking 7 now so theoretically you are safer with 6. Bottom line, java is insecure no matter what you do and will be that way for several years to come, imho. Risk vs reward. What is the reward for your org for continuing to allow java to run? Does the reward outweigh the risk? -Original Message- From: Sam Cayze [mailto:sca...@gmail.com<mailto:sca...@gmail.com>] Sent: Tuesday, January 15, 2013 12:24 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Am I right in assuming that the latest version of version 6 is, or was, NOT affected by this? Can't find anything out there that suggests it was... -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>] Sent: Friday, January 11, 2013 1:34 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust http://www.zdnet.com/homeland-security-warns-to-disable-ja
RE: Java 7 0day actively exploited in the wild | BeyondTrust
I believe M$ also published a registry file that disabled invocation of Java in Internet zone. But I also use ZeroVulnerabilityLabs exploitshield and Sandboxing, when looking at anything on the net these days. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Sam Cayze [mailto:sca...@gmail.com] Sent: Friday, January 25, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust This is exactly what we have done. Thanks. Good to hear others recommend it. From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 25, 2013 10:09 AM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust If it is over the internet...add that site to trusted and disable java in the 'internet zone'. http://blogs.msdn.com/b/ieinternals/archive/2011/05/15/controlling-java-in-internet-explorer.aspx From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Friday, January 25, 2013 11:04 AM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust Be advised that the primary vector for Java exploits into an organization is via the web browser plugin. So, unless your B2B app is over the public network, or requires that the browser plugin be operational, you have some measure of risk reduction. ASB http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker> Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market... On Tue, Jan 15, 2013 at 1:21 PM, Sam Cayze mailto:sca...@gmail.com>> wrote: >>>Does the reward outweigh the risk? The reward is we get to stay in business :) We have a major partner that requires us to run it for a B2B app. So, we have to use it. But I've made it so just one user uses that app. That and the occasional WebEx stuff, but I uninstall it from people's PCs right afterwards. So looks like 6 is now the flavor of the month. Hard to keep track. Speaking of months, v6 is EOL in FEB. We'll no longer have the options between 6 and 7 going forward to sidestep all these issues :( Sam -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>] Sent: Tuesday, January 15, 2013 12:10 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Correct, but 6 is vulnerable to it's own set of exploits that were never fixed and they are well known. Arguably the bad guys are paying more attention to attacking 7 now so theoretically you are safer with 6. Bottom line, java is insecure no matter what you do and will be that way for several years to come, imho. Risk vs reward. What is the reward for your org for continuing to allow java to run? Does the reward outweigh the risk? -Original Message- From: Sam Cayze [mailto:sca...@gmail.com<mailto:sca...@gmail.com>] Sent: Tuesday, January 15, 2013 12:24 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Am I right in assuming that the latest version of version 6 is, or was, NOT affected by this? Can't find anything out there that suggests it was... -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>] Sent: Friday, January 11, 2013 1:34 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-f law-709713/ From: Mark Boeck [netadmin...@gmail.com<mailto:netadmin...@gmail.com>] Sent: Friday, January 11, 2013 12:15 PM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java! http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html only after that does she post some links about the threat - > - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscr
RE: Java 7 0day actively exploited in the wild | BeyondTrust
This is exactly what we have done. Thanks. Good to hear others recommend it. From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 25, 2013 10:09 AM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust If it is over the internet.add that site to trusted and disable java in the 'internet zone'. http://blogs.msdn.com/b/ieinternals/archive/2011/05/15/controlling-java-in-i nternet-explorer.aspx From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Friday, January 25, 2013 11:04 AM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust Be advised that the primary vector for Java exploits into an organization is via the web browser plugin. So, unless your B2B app is over the public network, or requires that the browser plugin be operational, you have some measure of risk reduction. ASB <http://xeeme.com/AndrewBaker> http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market. On Tue, Jan 15, 2013 at 1:21 PM, Sam Cayze wrote: >>>Does the reward outweigh the risk? The reward is we get to stay in business :) We have a major partner that requires us to run it for a B2B app. So, we have to use it. But I've made it so just one user uses that app. That and the occasional WebEx stuff, but I uninstall it from people's PCs right afterwards. So looks like 6 is now the flavor of the month. Hard to keep track. Speaking of months, v6 is EOL in FEB. We'll no longer have the options between 6 and 7 going forward to sidestep all these issues :( Sam -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, January 15, 2013 12:10 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Correct, but 6 is vulnerable to it's own set of exploits that were never fixed and they are well known. Arguably the bad guys are paying more attention to attacking 7 now so theoretically you are safer with 6. Bottom line, java is insecure no matter what you do and will be that way for several years to come, imho. Risk vs reward. What is the reward for your org for continuing to allow java to run? Does the reward outweigh the risk? -Original Message- From: Sam Cayze [mailto:sca...@gmail.com] Sent: Tuesday, January 15, 2013 12:24 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Am I right in assuming that the latest version of version 6 is, or was, NOT affected by this? Can't find anything out there that suggests it was... -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 11, 2013 1:34 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-f <http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day- flaw-709713/> law-709713/ From: Mark Boeck [netadmin...@gmail.com] Sent: Friday, January 11, 2013 12:15 PM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java! http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html only after that does she post some links about the threat - > - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmanager@lyris.sunbeltsoftwa re.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com wi
Re: Java 7 0day actively exploited in the wild | BeyondTrust
Good mitigation... *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Fri, Jan 25, 2013 at 11:09 AM, Kennedy, Jim wrote: > If it is over the internet…add that site to trusted and disable java in > the ‘internet zone’. > > ** ** > > > http://blogs.msdn.com/b/ieinternals/archive/2011/05/15/controlling-java-in-internet-explorer.aspx > > > ** ** > > ** ** > > *From:* Andrew S. Baker [mailto:asbz...@gmail.com] > *Sent:* Friday, January 25, 2013 11:04 AM > > *To:* NT System Admin Issues > *Subject:* Re: Java 7 0day actively exploited in the wild | BeyondTrust*** > * > > ** ** > > Be advised that the primary vector for Java exploits into an organization > is via the web browser plugin. So, unless your B2B app is over the public > network, or requires that the browser plugin be operational, you have some > measure of risk reduction. > > > > > > > > > *ASB > **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* > **Providing Virtual CIO Services (IT Operations & Information Security) > for the SMB market…* > > > > ** ** > > On Tue, Jan 15, 2013 at 1:21 PM, Sam Cayze wrote: > > >>>Does the reward outweigh the risk? > > The reward is we get to stay in business :) > > We have a major partner that requires us to run it for a B2B app. So, we > have to use it. But I've made it so just one user uses that app. > That and the occasional WebEx stuff, but I uninstall it from people's PCs > right afterwards. > > So looks like 6 is now the flavor of the month. Hard to keep track. > Speaking of months, v6 is EOL in FEB. We'll no longer have the options > between 6 and 7 going forward to sidestep all these issues :( > > Sam**** > > > > > -Original Message- > From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] > > Sent: Tuesday, January 15, 2013 12:10 PM > To: NT System Admin Issues > Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust > > Correct, but 6 is vulnerable to it's own set of exploits that were never > fixed and they are well known. Arguably the bad guys are paying more > attention to attacking 7 now so theoretically you are safer with 6. Bottom > line, java is insecure no matter what you do and will be that way for > several years to come, imho. > > Risk vs reward. What is the reward for your org for continuing to allow > java > to run? Does the reward outweigh the risk? > > -Original Message- > From: Sam Cayze [mailto:sca...@gmail.com] > Sent: Tuesday, January 15, 2013 12:24 PM > To: NT System Admin Issues > Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust > > Am I right in assuming that the latest version of version 6 is, or was, NOT > affected by this? > Can't find anything out there that suggests it was... > > -Original Message- > From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] > Sent: Friday, January 11, 2013 1:34 PM > To: NT System Admin Issues > Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust > > > > > http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-f > law-709713/<http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-709713/> > > > From: Mark Boeck [netadmin...@gmail.com] > Sent: Friday, January 11, 2013 12:15 PM > To: NT System Admin Issues > Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust > > lol - a friend of mine, a microsoft security mvp, starts her blog off like > this: > how to uninstall java! > http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html > only after that does she post some links about the threat > > - > > > - > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > listmana...@lyris.sunbeltsoftware.com listmanager@lyris.sunbeltsoftwa > re.com> > with the body: unsubscribe ntsysadmin > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forum
RE: Java 7 0day actively exploited in the wild | BeyondTrust
If it is over the internet...add that site to trusted and disable java in the 'internet zone'. http://blogs.msdn.com/b/ieinternals/archive/2011/05/15/controlling-java-in-internet-explorer.aspx From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Friday, January 25, 2013 11:04 AM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust Be advised that the primary vector for Java exploits into an organization is via the web browser plugin. So, unless your B2B app is over the public network, or requires that the browser plugin be operational, you have some measure of risk reduction. ASB http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker> Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market... On Tue, Jan 15, 2013 at 1:21 PM, Sam Cayze mailto:sca...@gmail.com>> wrote: >>>Does the reward outweigh the risk? The reward is we get to stay in business :) We have a major partner that requires us to run it for a B2B app. So, we have to use it. But I've made it so just one user uses that app. That and the occasional WebEx stuff, but I uninstall it from people's PCs right afterwards. So looks like 6 is now the flavor of the month. Hard to keep track. Speaking of months, v6 is EOL in FEB. We'll no longer have the options between 6 and 7 going forward to sidestep all these issues :( Sam -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>] Sent: Tuesday, January 15, 2013 12:10 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Correct, but 6 is vulnerable to it's own set of exploits that were never fixed and they are well known. Arguably the bad guys are paying more attention to attacking 7 now so theoretically you are safer with 6. Bottom line, java is insecure no matter what you do and will be that way for several years to come, imho. Risk vs reward. What is the reward for your org for continuing to allow java to run? Does the reward outweigh the risk? -Original Message- From: Sam Cayze [mailto:sca...@gmail.com<mailto:sca...@gmail.com>] Sent: Tuesday, January 15, 2013 12:24 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Am I right in assuming that the latest version of version 6 is, or was, NOT affected by this? Can't find anything out there that suggests it was... -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>] Sent: Friday, January 11, 2013 1:34 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-f law-709713/ From: Mark Boeck [netadmin...@gmail.com<mailto:netadmin...@gmail.com>] Sent: Friday, January 11, 2013 12:15 PM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java! http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html only after that does she post some links about the threat - > - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com><mailto:listmanager@lyris.sunbeltsoftwa<mailto:listmanager@lyris.sunbeltsoftwa> re.com<http://re.com>> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftwar
Re: Java 7 0day actively exploited in the wild | BeyondTrust
Be advised that the primary vector for Java exploits into an organization is via the web browser plugin. So, unless your B2B app is over the public network, or requires that the browser plugin be operational, you have some measure of risk reduction. *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Tue, Jan 15, 2013 at 1:21 PM, Sam Cayze wrote: > >>>Does the reward outweigh the risk? > > The reward is we get to stay in business :) > > We have a major partner that requires us to run it for a B2B app. So, we > have to use it. But I've made it so just one user uses that app. > That and the occasional WebEx stuff, but I uninstall it from people's PCs > right afterwards. > > So looks like 6 is now the flavor of the month. Hard to keep track. > Speaking of months, v6 is EOL in FEB. We'll no longer have the options > between 6 and 7 going forward to sidestep all these issues :( > > Sam > > > > -Original Message- > From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] > Sent: Tuesday, January 15, 2013 12:10 PM > To: NT System Admin Issues > Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust > > Correct, but 6 is vulnerable to it's own set of exploits that were never > fixed and they are well known. Arguably the bad guys are paying more > attention to attacking 7 now so theoretically you are safer with 6. Bottom > line, java is insecure no matter what you do and will be that way for > several years to come, imho. > > Risk vs reward. What is the reward for your org for continuing to allow > java > to run? Does the reward outweigh the risk? > > -Original Message----- > From: Sam Cayze [mailto:sca...@gmail.com] > Sent: Tuesday, January 15, 2013 12:24 PM > To: NT System Admin Issues > Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust > > Am I right in assuming that the latest version of version 6 is, or was, NOT > affected by this? > Can't find anything out there that suggests it was... > > -----Original Message- > From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] > Sent: Friday, January 11, 2013 1:34 PM > To: NT System Admin Issues > Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust > > > > > http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-f > law-709713/ > > ________ > From: Mark Boeck [netadmin...@gmail.com] > Sent: Friday, January 11, 2013 12:15 PM > To: NT System Admin Issues > Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust > > lol - a friend of mine, a microsoft security mvp, starts her blog off like > this: > how to uninstall java! > http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html > only after that does she post some links about the threat > > - > > > - > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > listmana...@lyris.sunbeltsoftware.com listmanager@lyris.sunbeltsoftwa > re.com> > with the body: unsubscribe ntsysadmin > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage
RE: Java 7 0day actively exploited in the wild | BeyondTrust
LOl is it a moot point, still going to be old version that are vulnerable on the networks, same old exploits same old issues. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, January 15, 2013 1:29 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust I totally understand your risk vs reward scenario. We are in the same boat. Yea, in Feb this is all a moot point. -Original Message- From: Sam Cayze [mailto:sca...@gmail.com] Sent: Tuesday, January 15, 2013 1:24 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust >>>Does the reward outweigh the risk? The reward is we get to stay in business :) We have a major partner that requires us to run it for a B2B app. So, we have to use it. But I've made it so just one user uses that app. That and the occasional WebEx stuff, but I uninstall it from people's PCs right afterwards. So looks like 6 is now the flavor of the month. Hard to keep track. Speaking of months, v6 is EOL in FEB. We'll no longer have the options between 6 and 7 going forward to sidestep all these issues :( Sam -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, January 15, 2013 12:10 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Correct, but 6 is vulnerable to it's own set of exploits that were never fixed and they are well known. Arguably the bad guys are paying more attention to attacking 7 now so theoretically you are safer with 6. Bottom line, java is insecure no matter what you do and will be that way for several years to come, imho. Risk vs reward. What is the reward for your org for continuing to allow java to run? Does the reward outweigh the risk? -Original Message- From: Sam Cayze [mailto:sca...@gmail.com] Sent: Tuesday, January 15, 2013 12:24 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Am I right in assuming that the latest version of version 6 is, or was, NOT affected by this? Can't find anything out there that suggests it was... -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 11, 2013 1:34 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-f law-709713/ From: Mark Boeck [netadmin...@gmail.com] Sent: Friday, January 11, 2013 12:15 PM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java! http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html only after that does she post some links about the threat - > - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmanager@lyris.sunbeltsoftwa re.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbelt
RE: Java 7 0day actively exploited in the wild | BeyondTrust
I totally understand your risk vs reward scenario. We are in the same boat. Yea, in Feb this is all a moot point. -Original Message- From: Sam Cayze [mailto:sca...@gmail.com] Sent: Tuesday, January 15, 2013 1:24 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust >>>Does the reward outweigh the risk? The reward is we get to stay in business :) We have a major partner that requires us to run it for a B2B app. So, we have to use it. But I've made it so just one user uses that app. That and the occasional WebEx stuff, but I uninstall it from people's PCs right afterwards. So looks like 6 is now the flavor of the month. Hard to keep track. Speaking of months, v6 is EOL in FEB. We'll no longer have the options between 6 and 7 going forward to sidestep all these issues :( Sam -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, January 15, 2013 12:10 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Correct, but 6 is vulnerable to it's own set of exploits that were never fixed and they are well known. Arguably the bad guys are paying more attention to attacking 7 now so theoretically you are safer with 6. Bottom line, java is insecure no matter what you do and will be that way for several years to come, imho. Risk vs reward. What is the reward for your org for continuing to allow java to run? Does the reward outweigh the risk? -Original Message- From: Sam Cayze [mailto:sca...@gmail.com] Sent: Tuesday, January 15, 2013 12:24 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Am I right in assuming that the latest version of version 6 is, or was, NOT affected by this? Can't find anything out there that suggests it was... -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 11, 2013 1:34 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-f law-709713/ From: Mark Boeck [netadmin...@gmail.com] Sent: Friday, January 11, 2013 12:15 PM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java! http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html only after that does she post some links about the threat - > - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmanager@lyris.sunbeltsoftwa re.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Java 7 0day actively exploited in the wild | BeyondTrust
>>>Does the reward outweigh the risk? The reward is we get to stay in business :) We have a major partner that requires us to run it for a B2B app. So, we have to use it. But I've made it so just one user uses that app. That and the occasional WebEx stuff, but I uninstall it from people's PCs right afterwards. So looks like 6 is now the flavor of the month. Hard to keep track. Speaking of months, v6 is EOL in FEB. We'll no longer have the options between 6 and 7 going forward to sidestep all these issues :( Sam -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, January 15, 2013 12:10 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Correct, but 6 is vulnerable to it's own set of exploits that were never fixed and they are well known. Arguably the bad guys are paying more attention to attacking 7 now so theoretically you are safer with 6. Bottom line, java is insecure no matter what you do and will be that way for several years to come, imho. Risk vs reward. What is the reward for your org for continuing to allow java to run? Does the reward outweigh the risk? -Original Message- From: Sam Cayze [mailto:sca...@gmail.com] Sent: Tuesday, January 15, 2013 12:24 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Am I right in assuming that the latest version of version 6 is, or was, NOT affected by this? Can't find anything out there that suggests it was... -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 11, 2013 1:34 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-f law-709713/ From: Mark Boeck [netadmin...@gmail.com] Sent: Friday, January 11, 2013 12:15 PM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java! http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html only after that does she post some links about the threat - > - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmanager@lyris.sunbeltsoftwa re.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Java 7 0day actively exploited in the wild | BeyondTrust
Correct, but 6 is vulnerable to it's own set of exploits that were never fixed and they are well known. Arguably the bad guys are paying more attention to attacking 7 now so theoretically you are safer with 6. Bottom line, java is insecure no matter what you do and will be that way for several years to come, imho. Risk vs reward. What is the reward for your org for continuing to allow java to run? Does the reward outweigh the risk? -Original Message- From: Sam Cayze [mailto:sca...@gmail.com] Sent: Tuesday, January 15, 2013 12:24 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Am I right in assuming that the latest version of version 6 is, or was, NOT affected by this? Can't find anything out there that suggests it was... -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 11, 2013 1:34 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-f law-709713/ From: Mark Boeck [netadmin...@gmail.com] Sent: Friday, January 11, 2013 12:15 PM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java! http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html only after that does she post some links about the threat - > - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmanager@lyris.sunbeltsoftwa re.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Java 7 0day actively exploited in the wild | BeyondTrust
Am I right in assuming that the latest version of version 6 is, or was, NOT affected by this? Can't find anything out there that suggests it was... -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 11, 2013 1:34 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-f law-709713/ From: Mark Boeck [netadmin...@gmail.com] Sent: Friday, January 11, 2013 12:15 PM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java! http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html only after that does she post some links about the threat - > - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmanager@lyris.sunbeltsoftwa re.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Java 7 0day actively exploited in the wild | BeyondTrust
They bumped the security settings up. It prompts every time now. -Original Message- From: Richard McClary [mailto:richard.mccl...@aspca.org] Sent: Monday, January 14, 2013 9:32 AM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Wonder if there's a negative-one-day exploit? Thanks, though, just now got through doing a bunch of JRE upgrades. -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, January 14, 2013 8:22 AM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Java released update 11 last night. -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 11, 2013 2:36 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-709713/ From: Mark Boeck [netadmin...@gmail.com] Sent: Friday, January 11, 2013 12:15 PM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java! http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html only after that does she post some links about the threat - > - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals?? (ASPCA??) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Java 7 0day actively exploited in the wild | BeyondTrust
Wonder if there's a negative-one-day exploit? Thanks, though, just now got through doing a bunch of JRE upgrades. -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, January 14, 2013 8:22 AM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Java released update 11 last night. -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 11, 2013 2:36 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-709713/ From: Mark Boeck [netadmin...@gmail.com] Sent: Friday, January 11, 2013 12:15 PM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java! http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html only after that does she post some links about the threat - > - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Java 7 0day actively exploited in the wild | BeyondTrust
Java released update 11 last night. -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 11, 2013 2:36 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-709713/ From: Mark Boeck [netadmin...@gmail.com] Sent: Friday, January 11, 2013 12:15 PM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java! http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html only after that does she post some links about the threat - > - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Java 7 0day actively exploited in the wild | BeyondTrust
http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-709713/ From: Mark Boeck [netadmin...@gmail.com] Sent: Friday, January 11, 2013 12:15 PM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java! http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html only after that does she post some links about the threat - > - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
