[conspire] Write Once, Exploit Everywhere

Rick Moen rick at linuxmafia.com
Tue Aug 28 10:23:52 PDT 2012


Quoting Adrien Lamothe (alamozzz at yahoo.com):

> Security companies are recommending you uninstall Java:
> 
> 
> http://thenextweb.com/apps/2012/08/28/security-companies-you-disable-java-just-uninstall/

Oracle/Sun Java has been alarmingly buggy in the last few years, and
it's not getting better.  

On open source platforms, we have the OpenJDK fork, which has not had
the same severity of security meltdown -- but I would not assume OpenJDK
safe.  In either case, it more than suffices to use NoScript to control
when, if at all, you run Java applets off the Internet.

Reading the security advisories about the new exploit, one sees the same
wilful blindness always present in writings from the antimalware
industry:  Authors simply assume that suspect code from public networks
will get executed.  Users are implicitly assumed to take no measures
whatsoever to decide for themselves what public code to run.

Sophos comes closest to conceding that the user might have a brain:
'Disable the Java plugin in your favourite web browser.  [...]  Another
solution is to surf the net using your favourite browser with Java
disabled, and have an alternate browser available for the occasional
site that needs it'
(http://nakedsecurity.sophos.com/2012/08/28/unpatched-java-exploit-spreads-like-wildfire/)

F-Secure has a similar statement.  Um, guys?  If you use NoScript, 
you don't have that problem.

FWIW, the current exploit is focussed solely on Win32 boxes
because its payload is delivered as a Microsoft exe file.
http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html




