Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Java 7 Update 21 is available - Watch for Behaviour Changes !

Published: 2013-04-16
Last Updated: 2013-04-16 20:56:08 UTC
by Rob VandenBrink (Version: 1)
8 comment(s)

Several of our readers have written in to let us know about the latest Java Update. 

So why isn't this a normal one-liner with a pointer off to the readme?  Because Oracle has significantly changed how Java runs with this version.  Java now requires code signing, and will pop up brightly coloured dialogue boxes if your code is not signed.  They now alert on unsigned, signed-but-expired and self-signed certificates.

We'll even need to click "OK" when we try to download and execute signed and trusted Java.

This is a really positive move on their part - with as many problems as Java has, it'll be nice to stop blaming the developers of the language entirely for malicious code - Java doesn't give you malware, running malware gives you malware. 

(not that Java is perfect, mind you)

 

The graphics you can expect to see once you update are:

Valid Certificate Self-Signed Certificate

 

 

Expired Certificate Unsigned Application

Full details on the new run policy can be found here ==> https://www.java.com/en/download/help/appsecuritydialogs.xml

And more information can be found here ==> http://www.oracle.com/technetwork/java/javase/tech/java-code-signing-1915323.html

 

===============
Rob VandenBrink
Metafore

Keywords: Java 7u21
8 comment(s)
Diary Archives