These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Out of Pod Experience

 
  • Topic is locked indefinitely.
12Next page
 

Java Exploit [Not directly related to Eve]

First post
Author
Previous Topic Next Topic
Haseo Antares
Production N Destruction INC.
F O R M I C I D A E
#1 - 2013-01-12 02:13:35 UTC  |  Edited by: Haseo Antares
I'm not sure if this is the correct forum or not but I'm posting it here.

Anyways the US-CERT is advising people to disable Java in browsers. From what I understand systems may be vulnerable even if Java applets are not directly accessed via a web browser. Apparently hackers are using this exploit to steal identities and financial info. I have no idea how common this threat is but...if nothing else I would advise that you disable Java for browsers too protect your personal information.

Article here: http://www.us-cert.gov/cas/techalerts/TA13-010A.html

We currently have the world's greatest linguists and scientists trying to decode what you just said.
Pitrolo Orti
Doomheim
#2 - 2013-01-12 03:13:03 UTC
Haseo Antares wrote:
I'm not sure if this is the correct forum or not but I'm posting it here.

Anyways the US-CERT is advising people to disable Java in browsers. From what I understand systems may be vulnerable even if Java applets are not directly accessed via a web browser. Apparently hackers are using this exploit to steal identities and financial info. I have no idea how common this threat is but...if nothing else I would advise that you disable Java for browsers too protect your personal information.

Article here: http://www.us-cert.gov/cas/techalerts/TA13-010A.html


Dude do you know that the government is always behind in this.......chill out there is nothing to worry about you don't have 300 mill in your bank account so you are fine :)

Price is what you pay. Value is what you get.
Haseo Antares
Production N Destruction INC.
F O R M I C I D A E
#3 - 2013-01-12 03:34:10 UTC
Pitrolo Orti wrote:
Haseo Antares wrote:
I'm not sure if this is the correct forum or not but I'm posting it here.

Anyways the US-CERT is advising people to disable Java in browsers. From what I understand systems may be vulnerable even if Java applets are not directly accessed via a web browser. Apparently hackers are using this exploit to steal identities and financial info. I have no idea how common this threat is but...if nothing else I would advise that you disable Java for browsers too protect your personal information.

Article here: http://www.us-cert.gov/cas/techalerts/TA13-010A.html


Dude do you know that the government is always behind in this.......chill out there is nothing to worry about you don't have 300 mill in your bank account so you are fine :)


No I don't know that. Ever since my Freshmen year of college I have learned that I know nothing. At any rate I am just putting the info out there. What people do w/ the info is of no concern to me. Also I don't keep money in banks...I bury my money at a secret location after I cash each paycheck. That is why you did not see any funds in my account : ).

We currently have the world's greatest linguists and scientists trying to decode what you just said.
FluffyDice
Kronos Research
#4 - 2013-01-12 05:51:45 UTC
Do any of these websites even use Java?
Simetraz
State War Academy
Caldari State
#5 - 2013-01-12 05:52:24 UTC
FluffyDice wrote:
Do any of these websites even use Java?


Actually This web site uses Java.


EVERYBODY KNOWS
FluffyDice
Kronos Research
#6 - 2013-01-12 05:55:57 UTC
Where?
Pak Narhoo
Splinter Foundation
#7 - 2013-01-12 06:00:29 UTC
FluffyDice wrote:
Where?


R-click -> view source, you'll see.
FluffyDice
Kronos Research
#8 - 2013-01-12 06:02:06 UTC
I see lots of JavaScript. That's not really the same thing though.
Simetraz
State War Academy
Caldari State
#9 - 2013-01-12 06:04:30 UTC  |  Edited by: Simetraz
FluffyDice wrote:
I see lots of JavaScript. That's not really the same thing though.


Then disable your java plug-in and see what happens.
Make sure to try and reply with the plug-in disabled.

Actually this is the type of issue that can get peoples accounts hacked.

Perhaps why some companies use different login's for say forum use and another one for actual game play and account information.

They don't have to hack the connection between CCP and you.
They simply steal it right off your computer and set up a seperate connection to a remote server.

EVERYBODY KNOWS
FluffyDice
Kronos Research
#10 - 2013-01-12 06:09:50 UTC  |  Edited by: FluffyDice
Replying with Java disabled test.

edit: Yep works fine. Probably because that uses JavaScript and not Java.
Simetraz
State War Academy
Caldari State
#11 - 2013-01-12 06:22:09 UTC  |  Edited by: Simetraz
FluffyDice wrote:
Replying with Java disabled test.

edit: Yep works fine. Probably because that uses JavaScript and not Java.


Yeh forgot to tell you to disable the java scripts as well if you do that then you can't do much here.
Which basically means you have to kill java entirely.

Sometimes I really hate JAVA.

EVERYBODY KNOWS
FluffyDice
Kronos Research
#12 - 2013-01-12 06:24:33 UTC
I don't know how to be clearer. JavaScript isn't Java. The exploits discussed in the OP are in no way going to affect JavaScript.
Simetraz
State War Academy
Caldari State
#13 - 2013-01-12 06:28:43 UTC
FluffyDice wrote:
I don't know how to be clearer. JavaScript isn't Java. The exploits discussed in the OP are in no way going to affect JavaScript.


Read the OP's link.
In one section they talk about just the plug in and in another section they tell you to disable java complety
Do what you want.
And if you don't post anymore then we know you decided to disable your scripts as well SmileSmile

EVERYBODY KNOWS
FluffyDice
Kronos Research
#14 - 2013-01-12 06:32:29 UTC
I have read the OP's link. The difference is I understand that just because JavaScript has the word Java in it doesn't make them the same thing. If you would actually do 2 minutes of research with Google you would discover this.

Disabling Java might be a good idea if you are concerned. Disabling JavaScript with it for the same reason would be stupid because it's not the same thing.
Haseo Antares
Production N Destruction INC.
F O R M I C I D A E
#15 - 2013-01-12 06:36:59 UTC  |  Edited by: Haseo Antares
Simetraz wrote:
FluffyDice wrote:
I don't know how to be clearer. JavaScript isn't Java. The exploits discussed in the OP are in no way going to affect JavaScript.


Read the OP's link.
In one section they talk about just the plug in and in another section they tell you to disable java complety
Do what you want.
And if you don't post anymore then we know you decided to disable your scripts as well SmileSmile


No FluffyDice is correct. Java and Javascript are not related. Perhaps I should clarify a little. To disable the plugin you have to pull up the Java Command Panel. On Windows 7, click the start button and type Java in the search bar and click on the Java Icon. Then follow the article's instructions from there.

Javascript can be used to do nasty things as well but this Alert does not concern JavaScript. The only reason I felt compelled to make a thread about this exploit is because Java is used in damn near everything. This was also discovered very recently and the publicly available malicious code can be used by easily by script kiddies.

Edit: I haven't bothered with Windows 8 yet and I am not familiar with macs. Anyways I'm off to bed for the night.

We currently have the world's greatest linguists and scientists trying to decode what you just said.
Wandering Eagle
Aliastra
Gallente Federation
#16 - 2013-01-12 07:11:21 UTC
This is going on right now Java/Sun tech are working on it and even the US gov is suggesting to turn it off atm.

Not sure where people got the idea the governments are behind this but I suggest if you believe that to go straight away to the kitchen and produce a nice tinfoil hat. I heard this helps.
NickyYo
modro
The Initiative.
#17 - 2013-01-12 07:24:13 UTC  |  Edited by: NickyYo
Java is totaly different to javascript, they are not the same thing. If you have a java applet in the bottom right hand corner(windows) then you have java installed on your system. Javascript is javascript, browser code ONLY.

Quoted from the java.com site.

"The JavaScript programming language, developed by Netscape, Inc., is not part of the Java platform. "
Source: http://www.java.com/en/download/faq/java_javascript.xml

So stop having hissy fits! ok? the world is still going and eve is real!

..
Some Rando
University of Caille
Gallente Federation
#18 - 2013-01-12 07:49:38 UTC
This conversation is hilarious. Probably because I develop in both languages.

Thanks for the heads-up, OP.

CCP has no sense of humour.
Raw Matters
Brilliant Starfire
#19 - 2013-01-12 08:32:07 UTC
If you want details, click here

Or in short: there is a bug in the current Java version that allows someone to take over your PC simply by visiting a web page (without having to click or download anything). As this has been just "shipped" into the latest "hacking made simple" tools, it is to be expected to be around massively very soon.

As 99.9% of all pages don't even use Java, the smartest thing is to disable the plugin in your browser right away (how to in the link).
ACE McFACE
Dirt 'n' Glitter
Local Is Primary
#20 - 2013-01-12 08:41:54 UTC
There isn't enough talk about High-sec v Null sec or the 'issue' of AFK cloaking in this thread.

Now, more than ever, we need a dislike button.
12Next page