[PCWorld]

Post your comments for Oracle says Java update coming Tuesday here

[TsarNikky]

It looks like an example of closing the barn door after the horses have run off.
[As for the web sites I visit, none have needed Java.]

[RobertGomez]

Good news, I tried life without Java the last week, totally uninstalled, - mistake cant visit 97% of websites including pcworld. Reinstalled using noscript for firefox and a no script for chrome. still a failure can't log into hotmail, gmail, banking, paypal, you name it every place uses scripting,

finally today i turned it back on, so the article should be how to surf the net without javascript or
using a alternative javascript emulator or convertor to surf the web..
this way we can get rid of all sun java products just as I got rid of all apple products and devices and microsoft bloatware - except the os ..

if i can find some alternatives to adobe products i can rid myself of windows also

much faster and more free environment ..

[Brogwalkerh]

Quote

Good news, I tried life without Java the last week, totally uninstalled, - mistake cant visit 97% of websites including pcworld. Reinstalled using noscript for firefox and a no script for chrome. still a failure can't log into hotmail, gmail, banking, paypal, you name it every place uses scripting, finally today i turned it back on, so the article should be how to surf the net without javascript or using a alternative javascript emulator or convertor to surf the web.. this way we can get rid of all sun java products just as I got rid of all apple products and devices and microsoft bloatware - except the os .. if i can find some alternatives to adobe products i can rid myself of windows also much faster and more free environment ..

You are thinking if JavaScript not java. Big difference. Java is a programming language and JavaScript is a scripting language and is more similar to HTML.

And as for apple compiling its own java code, they actually handed over responsibility for java back to Oracle sometime last year if I'm not mistaken...

[Blottomania]

@RobertGomez -- Javascript is NOT JAVA! The only thing that's similar between JAVA (what's being actually discussed) and Javascript is the first four letters, j-a-v-a. They are totally and absolutely distinct.

Javascript is NOT the issue here whatsoever. It's very unfortunate that the creators of Javascript gave it the name that began with Java, because it leads to all kinds of confusion like this. Again, Javascript is not the problem here, and there's no need to disable it -- at least not for the malware exploits being mentioned. It's Oracle JAVA that's the issue.

This page explains the difference, and why javascript got its name: https://service.para...JavaScript.html

[Din5dale]

Ummm....when did "Oracle Corp to fix Java security flaw "shortly"" http://www.reuters.c...E90B0EX20130113

Morph into "Oracle says Java update coming TUESDAY" (emph mine)
Even the article you linked to in your story sez "shortly"
http://ibnlive.in.co.../315470-11.html

The 86 vulnerability patches you mention & link to are NOT all specific to Java JRE 7 u 10 and do NOT mention nor include the SPECIFIC Java Zero-Day vulnerability recently disclosed.

http://www.infoworld...ce=rss_security

QUOTE: Oracle is preparing to ship 86 patches covering security vulnerabilities in a wide span of its products, with 18 of the fixes aimed at the MySQL database alone...

But another five patches will be shipped for Oracle Database Mobile/Lite Server...

Various components of Oracle Fusion Middleware, including WebLogic Server and Access Manager, will receive seven patches...

Some 13 patches concern Oracle Enterprise Manager Grid Control....

The remaining fixes set to ship Tuesday cover Oracle applications such as E-Business Suite and JD Edwards, as well as the Sun Storage Common Array Manager and Oracle's virtualization technology....

END QUOTE

Still no SPECIFIC mention of the Zero-Day. Sloppy, shoddy & misleading reporting IMHO.

[Din5dale]

Wow...this is practically a copy/paste of this Reuters artcle
http://www.reuters.c...E90B0EX20130113

Plagiarize much?

[saraphen]

That's a mighty big patch to fix 86 vulnerabilities. I uninstalled Java on my computers. I'll wait for the patch to age a few weeks.

[jazzy007]

Still, my work depends on Java. Take out Java and might as well close shop and go home. This is for a large corporation that have more than 50,000 employees.

I acknowledge that there are treats out there, but many writers or bloggers tend to exaggerate many of the things they write about virus, flaw, worms, etc. Usually the main contributors to these story are Anti-Virus companies, like Norton, McAffe, Kaspersky and others.

As for the mention of Apple removing Java from the software, is incorrect. Only the newest version of OS-X Mountain Lion comes without Java. All previous version came with it. Also this gives people a false sense of security because once someone go to a web site that needs Java, most people will click and install Java on their brand new OS -X. Back to square one.

What these Anti-virus should do is provide or block these questionable web sites. I do understand that as soon one is mark, another will pop up, but it will keep these hackers working overtime until they get tired of it or is not profitable and dangerous for them. Most of these web sites use the same server which can be trace.

[Din5dale]

Java SE 7 u11 has been released
https://blogs.oracle.com/security/

Oracle Security Alert for CVE-2013-0422
http://www.oracle.co...22-1896849.html

Description

This Security Alert addresses security issues CVE-2013-0422 (US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability) and another vulnerability affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.

The fixes in this Alert include a change to the default Java Security Level setting from "Medium" to "High". With the "High" setting, the user is always prompted before any unsigned Java applet or Java Web Start application is run.

Download: http://www.oracle.co...oads/index.html

Is it Tuesday already? ;-)'

[Din5dale]

Quote

That's a mighty big patch to fix 86 vulnerabilities. I uninstalled Java on my computers. I'll wait for the patch to age a few weeks.

The 86 patches comprise their regularly scheduled quarterly patch cycle for ALL their products... their last (Oct '12 IIRC) contained 109. Adobe follows the same pattern, quarterly patch cycles with "out-of band" (cycle) patches for serious vulnerabilities such as the one they put out last week for Adobe Reader & Acrobat 11. Mico$oft does monthly patch cycles the 2nd Tues of each month, the last being last Tues... M$ is issuing an "out-of band" patch today for Internet Ex-PLODE-r 6,7 & 8...

This is normal & par for the course as unfortunately there's a lot of miscreants out there developing new vulnerabilities/exploits...There's a LOT of $$$$ in it for them.

[Din5dale]

Quote

Good news, I tried life without Java the last week, totally uninstalled, - mistake cant visit 97% of websites including pcworld. Reinstalled using noscript for firefox and a no script for chrome. still a failure can't log into hotmail, gmail, banking, paypal, you name it every place uses scripting, finally today i turned it back on, so the article should be how to surf the net without javascript or using a alternative javascript emulator or convertor to surf the web.. this way we can get rid of all sun java products just as I got rid of all apple products and devices and microsoft bloatware - except the os .. if i can find some alternatives to adobe products i can rid myself of windows also much faster and more free environment ..

***FACEPALM*** Java Runtime Environment is NOT JavaSCRIPT as Brogwalkerh explained above...

"Java is a programming language and JavaScript is a scripting language and is more similar to HTML"