MCBastos wrote:
Interviewed by CNN on 02/03/2013 15:51, question told the world:
My wife has not used her computer this week.. So this explains why
Java works on hers this morning..on pogo
Block list has not been updated more in likely.
Both computers are identical...
But her JAVA is 7u10
Mine is 7u15
I told her not to update her Java .
Reading the bugzilla. We are being Blocked Because FACEBOOK got hacked..
Could be FACEBOOK does not have Java Configured Correctly . So Ever
other WEBSITE that uses JAVA has to Suffer Because The Almighty
FACEBOOK's Security is not Enabled correctly .
Let Facebook take care of itself .
I think you misunderstood the issue.
The problem is not that a few computers belonging to Facebook engineers
got hacked; the problem is that this event demonstrates that:
a) There is a bug in Java
b) Which is ALREADY BEING EXPLOITED by hackers.
If this exploit only affected Facebook, there would be no reason for
worry. But the thing is, it DOES present a risk for EVERY user. Facebook
can take care of itself, but most small users CANNOT. It's to protect
those small users that the block has been implemented. So, for the
moment, it's considered dangerous to have Java running automatically.
Even if the latest exploit has been band-aided, the recent pattern of
security problems with Java raises serious doubts about its overall
security. Simply stated, Java is no longer worth the trust of Internet
users -- until such a time as it can regain that trust, Mozilla opted to
place it in the "click-to-run" category, which needs an explicit "OK"
from the user every time it is invoked by a site.
Staying with an older Java release won't help; if anything, it will be
worse, since those older releases are bound to be even more emphatically
blocked.
You raise a point I'd appreciate clarification on: explicit OK from the
user. The problem several of us have is that, when visiting a site
which uses Java, we are not ASKED if it's OK to run Java, the site
simply fails. Despite continually un- and re-installing Java to allow
for 'clean' installs, certificate updates, etc., we're not being
prompted to click a permissions dialog, we're simply A) told by the web
site that we don't have Java running, or B) nothing happens at all.
The current state of the Java 7u15 plugin states this plugin is known to
have vulnerabilities, but nothing actually says it's blocked (at least
on my machine at the mo.) In fact, the 'disable' button is available if
I want to turn it off, which infers it's still running. But the Pogo
web site now looks for Java before allowing a Java-based game to run,
and it tells me I haven't got Java installed.
And that's contradictory, based on the observed interface.
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey
