
SANS ISC: CERTs warn about old Java bug being exploited SANS ISC InfoSec Forums

CERTs warn about old Java bug being exploited
US-CERT and AUSCERT warn about a bug in Java being exploited. The bug was made public in November 2005.

Aside from the obvious advice to patch and turn off Java support, the warnings include text such as "avoid clicking on any links in emails or instant messages, unless the email was already expected beforehand" and "by only accessing Java applets from known and trusted sources the chances of exploitation are reduced."

To the best of my knowledge, the general user population expects email. They use email to communicate with people they have never met before. And they will click on anything in it. Similarly, they call it "surfing the web": they will click on links that lead to other sites. Telling them not to do that is going to have as much effect as asking them not to laugh at you. There are unfortunately only very few exceptions where you might have users and applications where you can limit the exposure. But as a general recommendation it is rather worthless IMHO.

So download that latest, greatest Java environment now if you haven't done so already, and upgrade. Better yet: check those browser settings and turn Java off for all sites that you either do not trust 100% to execute code on your machines or that don't absolutely need it to work.

Swa Frantzen

Jan 13th 2006