Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Java 7 Update 21 is available - Watch for Behaviour Changes ! - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Java 7 Update 21 is available - Watch for Behaviour Changes !

Several of our readers have written in to let us know about the latest Java Update. 

So why isn't this a normal one-liner with a pointer off to the readme?  Because Oracle has significantly changed how Java runs with this version.  Java now requires code signing, and will pop up brightly coloured dialogue boxes if your code is not signed.  They now alert on unsigned, signed-but-expired and self-signed certificates.

We'll even need to click "OK" when we try to download and execute signed and trusted Java.

This is a really positive move on their part - with as many problems as Java has, it'll be nice to stop blaming the developers of the language entirely for malicious code - Java doesn't give you malware, running malware gives you malware. 

(not that Java is perfect, mind you)

 

The graphics you can expect to see once you update are:

Valid Certificate Self-Signed Certificate

 

 

Expired Certificate Unsigned Application

Full details on the new run policy can be found here ==> https://www.java.com/en/download/help/appsecuritydialogs.xml

And more information can be found here ==> http://www.oracle.com/technetwork/java/javase/tech/java-code-signing-1915323.html

 

===============
Rob VandenBrink
Metafore

Rob VandenBrink

482 Posts
ISC Handler
And Apple updated Safari to 6.0.4 / 5.1.9, which allows people to enable/disable java on a site by site basis.
This is a huge benefit. Now I will have Java enabled only on my banks webpage, and the validation authority. Disabled everywhere else.
Povl H.

71 Posts
... and despite Oracle saying there would be no public updates to V6 after February, there's also a 6u45 release!
(http://www.oracle.com/technetwork/java/javase/downloads/jre6downloads-1902815.html)
Anonymous
We've got an issue with Oracle Java 7u21 and 6u45 against Oracle Secure Global Desktop. Left hand/right hand anyone??
Anonymous
I set they Java auto updates synchronization to daily, during the past 2 updates this changed back to monthly.
Before I applied this Update I changed the settings to daily, after installation I checked and noticed the settings were reset to monthly. :(
Oracle really needs to fix this.
Anonymous
Is this the update we've been waiting for so we can have our users enable Java again?
Anonymous
@MrSoapsud We're having issues with Sun Global Desktop and Java 7u21 as well.
Anonymous
@derekivey which version of SGD do you run?
Anonymous
SDG Version: 4.4; Build: 20080807152602
Java 7 update 21 gives you this error at login;


"Failed to start or download Secure Global Desktop Client Component

This may be due to your web browser security settings.

If problems persist, contact a Secure Global Desktop Administrator."


All other Java versions works fine.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!