www.ran-skilledhands.org
http://ran-skilledhands.org/phpBB3/

Security Threat
http://ran-skilledhands.org/phpBB3/viewtopic.php?f=19&t=2013
Page 1 of 1

Author:  Hippy Chippy [ Mon Jan 14, 2013 5:06 pm ]
Post subject:  Security Threat

This warning just came in from one of my newsletters today, a trusted source, so I’ve taken their advice and temporarily
disabled Java...


Here’s how to disable Java... :type: http://www.java.com/en/download/help/di ... rowser.xml

I’ll post any updates, once Java gives the ‘ALL CLEAR’...

:director: WARNING

New Java Exploit - Disable Java NOW!

I’m beginning to sound like a broken record, but there was another Java exploit discovered and this one is the worst kind of security hole. It’s one that allows a hacker to install malware or viruses without your knowledge simply by visiting a website. The exploit has been confirmed by Bitdefender, a popular anti-virus company, as being actively used by hackers on the internet to compromise computer systems.

The really dangerous part is it appears to affect all installations of Java and there is no known way to stop it outside of disabling or uninstalling Java. Oracle, the makers of Java, are aware of the exploit and are doubtlessly working on a fix, but no ETA or information has been released.

The easiest and most secure way to disable Java is to follow the instructions provided by Oracle by clicking here. You can re-enable Java after Oracle patches Java and you download an updated version. Disabling Java may cause certain websites to perform differently as Java will not be available to them so keep that in mind if you experience any unusual performance.

-Tim

It's all over the Internet... :shock: More information on the Java Threat:

:type: http://www.allvoices.com/contributed-ne ... -explained

:type: http://www.macrumors.com/2013/01/11/app ... ty-threat/

:type: http://threatpost.com/en_us/blogs/nasty ... -it-011013

:type: http://www.theglobeandmail.com/technolo ... le7234545/

Even more recent:

:type: http://news.yahoo.com/oracle-updates-ja ... ector.html



More if you choose to temporarily uninstal Oracle's Java:

:type: http://nakedsecurity.sophos.com/how-to- ... -explorer/

Particularly handy if you opt to uninstall Java completely:

"You can confirm that Java is no longer installed by visiting :type: http://java.com. Click "Do I have Java?"
Click verify and confirm that it says "No working Java was detected on your system."

This is what you'll see...
Image

Click on "Do I have Java" then click on the Verify Java version button that
appears (as shown below...)

Image

If you've successfully uninstalled Java completely, this is what you'll see...

Image

[-X DON'T HIT THE DOWNLOAD 'Download Java Now' BUTTON as that will
simply reinstall Java...!!!

Bear in mind tha literally BILLIONS of websites use Java, so hopefully Oracle
will 'get all their sh!t in the same sock' pretty quickly, so you can reinstall it again...

:-k It probably wouldn't hurt to do a FULL VIRUS SCAN :axe: on your PC/
compter after you've done all that... :hiding:

I'll endeavour to keep you posted... :thumbright:

Author:  Hippy Chippy [ Tue Jan 15, 2013 11:59 am ]
Post subject: 

Latest news on the Java Threat... :evil3:

:type: http://www.itechpost.com/articles/4923/ ... remain.htm

:type: http://www.thinkdigit.com/Internet/Orac ... 13056.html

:type: http://noesisstar.com/the-java-bug-thre ... -aapl-1030

Here’s what the Anti-Virus and Web Security community have said on the threat...

AVG: :type: http://www.avgthreatlabs.com/webthreats ... a-exploit/

Vipre :type: http://vipresecuritynews.com/2013/01/01 ... 6-7-and-8/

Trend Micro :type: http://fearlessweb.trendmicro.com/2013/ ... d-to-know/ (posted 11th Jan. 2013)

McAfee :type: http://blogs.mcafee.com/mcafee-labs/jav ... -crimeware

F-Secure :type: http://www.f-secure.com/weblog/archives/00002285.html

Seems that the folk at Symantec (Norton’s), Avast and Kaspersky Labs are still in holiday mode, no mention of the current Java Exploit Trojan Threat on their websites...

CERT :type: http://www.kb.cert.org/vuls/id/625617

Hot for Security :type: http://www.hotforsecurity.com/blog/crit ... -4997.html

The Times of India :type: http://timesofindia.indiatimes.com/tech ... 016281.cms

Student IT :type: http://www.studentnewsie.com/java-users ... fix-15444/

IT News :type: http://www.itnews.com.au/News/328319,br ... -list.aspx

Forbes :type: http://www.itnews.com.au/News/328319,br ... -list.aspx

=; I think I've posted enough links to get the message across, I'll only post solutions or updates on when it's safe to reinstall/ enable Java from here on in... :evil3:

Author:  Hippy Chippy [ Thu Jan 17, 2013 2:43 am ]
Post subject: 

A useful, full and frank Q & A on the :type: Java Exploit Threat :evil3:

Author:  Hippy Chippy [ Wed Jan 30, 2013 7:46 pm ]
Post subject: 

These articles are the latest I've found on the Java Exploit Threat: :hiding:

Dated 23rd Jan. 2013: :type: http://threatpost.com/en_us/blogs/attac ... ite-012313

Dated 28th Jan. 2013: :type: http://www.zdnet.com/java-update-doesnt ... 000010422/

And for the technically minded...

Dated 25th Jan. 2013: :type: http://www.invincea.com/2013/01/invince ... 2013-0422/

=; Suffice to say that I have not had any difficulty using Internet Explorer, Mozilla Firefox, or Google Chrome to access RAN Skilled Hands,
despite having 'disabled' Java on my PC... :-k

This article, dated 28th Jan. 2013, includes a link to a tele-conference with the Head of Oracle (Java) Security, Milton Smith... :argue:

:type: http://www.scmagazine.com/oracle-speaks ... le/277898/ Not much in the way of reassurance there...! :roll:

On another related issue, I fould this article (sh!t-canning Oracle for bundling unsolicited software with Java updates,) very interesting: :evil3:

:type: http://www.zdnet.com/a-close-look-at-ho ... 000010038/

Author:  Hippy Chippy [ Sun Sep 11, 2016 9:40 pm ]
Post subject:  Re: Security Threat

ON A PERSONAL LEVEL... if you receive a Facebook 'Friend Request' :evil3: from me :gotmail: and you're already 'My Friend'... PLEASE IGNORE IT...
I've been reliably advised by a number of my :3some: Facebook friends :3some: that :angry9: I've been hacked... :swear1: :shit: :hiding:

Over recent days, I also noticed that I started getting many 'Friend Requests' :evil3: from people who were already Facebook friends, and I was assuming that they'd been hacked...
[-X Not necessarily so, the hackers were probably just using my 'Friends' List to perpetuate their hack... :bugger:

I'm also assuming that Facebook is the hackers preferred playground :puter: and that the 'hack' (apparently very common on Facebook,) is limited to Facebook itself... =;
:dontknow: Anyway, Facebook have been informed and they've told me that the 'phoney Me' :stickman: has been deleted... :yess: :woohoo: :bob light:

:prayer: Sorry for any inconvenience... :notworthy:

Page 1 of 1 All times are UTC + 10 hours [ DST ]
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/