[sf-lug] Java Exploit code found

Rick Moen rick at linuxmafia.com
Wed Aug 29 16:16:47 PDT 2012


Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):

> Researchers are advising computer owners to disable Java in all
> browsers.  "That would be the only solution, right now," said Tod
> Beardsley, a bug testing engineering manager for Rapid7.


Date: Tue, 28 Aug 2012 10:23:52 -0700
From: Rick Moen <rick at linuxmafia.com>
To: conspire at linuxmafia.com
Subject: Re: [conspire] Write Once, Exploit Everywhere
Organization: If you lived here, you'd be $HOME already.
X-Mas: Bah humbug.

Quoting Adrien Lamothe (alamozzz at yahoo.com):

> Security companies are recommending you uninstall Java:
> 
> http://thenextweb.com/apps/2012/08/28/security-companies-you-disable-java-just-uninstall/

Oracle/Sun Java has been alarmingly buggy in the last few years, and
it's not getting better.  

On open source platforms, we have the OpenJDK fork, which has not had
the same severity of security meltdown -- but I would not assume OpenJDK
safe.  In either case, it more than suffices to use NoScript to control
when, if at all, you run Java applets off the Internet.

Reading the security advisories about the new exploit, one sees the same
willful blindness always present in writings from the antimalware
industry:  Authors simply assume that suspect code from public networks
will get executed.  Users are implicitly assumed to take no measures
whatsoever to decide for themselves what public code to run.

Sophos comes closest to conceding that the user might have a brain:
'Disable the Java plugin in your favourite web browser.  [...]  Another
solution is to surf the net using your favourite browser with Java
disabled, and have an alternate browser available for the occasional
site that needs it'
(http://nakedsecurity.sophos.com/2012/08/28/unpatched-java-exploit-spreads-like-wildfire/)

F-Secure has a similar statement.  Um, guys?  If you use NoScript, 
you don't have that problem.

FWIW, the current exploit is focussed solely on Win32 boxes
because its payload is delivered as a Microsoft exe file.
http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html




