Friday, November 28, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Sony's New E-Paper FES Watch Appears Online
Amazon Releases Deals of the Year on Cyber Monday
Germany To Get Secure Phones By BlackBerry
Xbox And Playstation Black Friday Deals
Toshiba Launches ARM-Based Application Processors with Sound, Image Data-Mining and Security Functions
Pioneer To Release The BDR-XU03JM Portable Blu-ray Drive For Macs
Syrian Electronic Army targets CNBC, Telegraph, Independent, PCWorld
GoPro Camera Drones In The Works: report
Active Discussions
Hi All!
cdrw trouble
CDR for car Sat Nav
DVD/DL for Optiarc 7191S at 8X
Copied dvd's say blank in computer only
Made video, won't play back easily
New Features In Firefox 33
updated tests for dvd and cd burners
 Home > News > General Computing > Researc...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, January 28, 2013
Researcher Finds New Bug In Java


Despite the recent commitment by the head of Java security that his team would fix bugs in the Java software, a researcher claims that a bug can still allow browser attacks.

The Java 7 Update 10 as well as the latest Update 11 let users decide which Java applets are allowed to run within their browsers. According to Oracle, users may control the level of security that will be used when running unsigned Java apps in a web browser. Apart from being able to completely disable Java content in the browser, four security levels can be used for the configuration of unsigned Java applications:

- "Low" - Most unsigned Java apps in the browser will run without prompting
- "Medium" - Unsigned Java apps in the browser will run withoutprompting only if the Java version is considered secure.
- "High" - User will be prompted before any unsigned Java app runs in the browser.
- "Very High" - Unsigned (sandboxed) apps will not run.

But according to Adam Gowdiak, CEO of Security Explorations, none of the settings can stymie an attacker. He claims that in practice, it is possible to execute an unsigned (and malicious) Java code without a prompt corresponding to security settings configured in Java Control Panel.

Gowdiak said that a 'Proof of Concept' code that illustrates Issue 53 had been executed in the environment of latest Java SE 7 Update 11 (JRE version 1.7.0_11-b21) under Windows 7 OS and with "Very High" Java Control Panel security settings.

Gowdiak suggests that people turn to a browser with 'click-to-play,' a feature that forces users to explicitly authorize a plug-in's execution. Chrome and Firefox include support this feature.


Previous
Next
Pantech Introduces 5.9-inch Full-HD Smartphone        All News        RIM Unveils Lower BlackBerry World Price Tiers
Google Offers More Than 3 Million In Rewards For Chrome OS Hacking Contest     General Computing News      Samsung to Invest in Shanghai Plant: report

Get RSS feed Easy Print E-Mail this Message

Related News
GPU Acceleration Coming to Java
New Emergency Fix Releaseed For Java zero-day Exploit Released
New Critical Patch For Java SE Released
Oracle Patches Java Bugs
Java Said To Put Computers in High Risk
Google Threatens To Exclude French Web sites From Search
Apple Removes Java From OS X
Industry Leaders Launch UTI, Home to the Java Verified Program
Sun Releases Java to The Open Source Community
JBlend Deployed in Sony Ericsson's First 3G i-mode Handset
Sony Ericsson releases Mobile JUnit for Java ME
New Java spec published

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .