Java 7 Update 11 Warning!

[Roly]

In the last couple of days a second "zero day exploit" has been found in Java 7 Update 11.

DISABLE Java in your browser, and if it isn't vital to your operations uninstall it altogether.

Read more;
https://www.google.com.au/search?q=java+7+0+day+exploit

:grr

[DrGonz78]

Lets just say I work for some hotel chain that is well known and global. They run Oracle DB and a GUI that depends on Java software. On Sunday the entire system was down and being patched. All the hotels were forced to go to manual mode. That is like going back to the 1970's or 1980's for the day!! Makes you thankful for technology after said and done/repaired. Also, makes you hate it!

[Roly]

Ha!  We had a power failure here a while back that caused some of the shops to close.  The supermarket couldn't scan diddly, and even their electric doors had to be propped open.  Was interesting that the local bakery simply rolled back to a pocket calc, no sweat.  Their only problem was that they didn't know how to open the cash drawer of the 'lectronic till until I showed up (grope underneath and pull the release - free lunch!).  All software needs a manual override.   :lmao:

I don't normally flap about the endless parade of malware, but this one looks quite serious - even US Homeland security is jumping up and down.  {mind you, getting clobbered myself for a second time in a couple of months, having to waste three days rooting out a MBR-infector trojan, hasn't helped my mood.  AVA got hit, twice(!), by a Javascript exploit in December.  Not happy.   :grr  }

[joecool85]

Boy am I happy I run Lubuntu at home.  We run Windows here at work though, and many of the machines have Java 7/11.  Am I worried?  No.  Should I be?  Maybe.

[Roly]

YES, you should be.  What's been going on of late is of a more serious order to what we have got used to.

This article applies to:

    Platform(s): Solaris SPARC, Solaris x86, Red Hat Linux, SUSE Linux, Oracle Enterprise Linux, Windows 8, Windows 7, Vista, Windows XP, Windows 2008 Server, Macintosh OS X
    Browser(s): Internet Explorer, Firefox, Chrome, Safari

This is one time I have to warn *nix and Mac users that their complacency may be an open invitation to unwittingly becoming part of a botnet, identity theft, or ghod knows what criminal malice.

From one website manager to another; I got hit by a drive-by infection on my "protected" home machine that (apparently) phished the site password stored in my FTP tool, and that seems to be how the Javascript* exploit got dumped on my users.  (AFAIK) this was also the "ransomware" exploit which locked me out of my machine and demanded $100 to unlock it, and that was what the code injection was distributing.

{* but not directly related to this current problem}

Look at the mess over ar Music-Elelctronics forum and resulting loss of user trust.  Nobody can safely assume they are immune because of the OS they are running (or AV software for that matter, AVG Free for example wouldn't even detect it, much less clean it).

[Roly]

Well, look what just turned up.

'Security crescendo' builds as cyber crime evolves

Richard Watson, of BAE Systems Detica, discusses the increasingly complex methods cyber criminals are developing to hack into computers and mobile devices.

vid 7m26s

"...increasing professionalisation..."

[joecool85]

Good points Roly and I appreciate the heads up for *nix systems.  Generally we are pretty safe from most of the garbage out there, but nothing is perfect and complacency is never good.