
SANS ISC: More Java Woes - Internet Security | DShield SANS ISC InfoSec Forums


More Java Woes

A number of readers alerted us to news reports stating that new "full sandbox escape" vulnerabilities had been reported to Oracle. At this point, no details are available about the nature of these vulnerabilities, and there is no evidence that any of them are being exploited. However, it is widely known that Oracle is working on a substantial backlog of these vulnerabilities. It is still recommended to use Java "with caution". Some best practices:

- Uninstall Java if you don't need it.
- If you do need Java, make sure it doesn't start automatically in your web browser.
- Keep Java up to date.
- Reduce the number of Java variants you have installed to the minimum you need.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute


Johannes

3537 Posts
ISC Handler
I wonder if you could use a QR code to launch this as well? I see people scanning QR codes everywhere, don't know what you are going to get until it is too late.
Wraith

2 Posts
Since a QR Code isn't much more than a link, it should work. FYI there is a QR-tool out from Symantec which checks QR-codes.
https://play.google.com/store/apps/details?id=com.symantec.norton.snap&hl=de
Wraith
2 Posts
When I need to use Java, I use a copy of portable Firefox with Jportable (Portable Java) in the plugin folder. This works great and seems to be more reliable than the full version installed in my primary browser. I can have separate copies with different versions of Jportable in each to have specific Java versions available.
jbmartin6

20 Posts
