Friday, December 19, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Facebook And Android Top Digital Trends For 2014
Your Next Car Could Have Android Inside
North Korea Linked To Recent Sony Hacking
Sony Global Education Established
CEA and Japan Audio Society to Jointly Promote Hi-Res Audio
Intel, IBM Follow Different Strategies On 14nm FinFET
Toshiba Announces 6TB Enterprise Capacity HDD Models
WebOS 2.0 Smart TV Platfom To Debut At CES
Active Discussions
The Leading Fifa 15 Coins saler
Windows xp
Will there be any trade in scheme for the coming PSP Go?
Hello, Glad to be Aboard!!!
Best optical drive for ripping CD's? My LG 4163B is mediocre.
Hi All!
cdrw trouble
CDR for car Sat Nav
 Home > News > General Computing > Researc...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, January 28, 2013
Researcher Finds New Bug In Java


Despite the recent commitment by the head of Java security that his team would fix bugs in the Java software, a researcher claims that a bug can still allow browser attacks.

The Java 7 Update 10 as well as the latest Update 11 let users decide which Java applets are allowed to run within their browsers. According to Oracle, users may control the level of security that will be used when running unsigned Java apps in a web browser. Apart from being able to completely disable Java content in the browser, four security levels can be used for the configuration of unsigned Java applications:

- "Low" - Most unsigned Java apps in the browser will run without prompting
- "Medium" - Unsigned Java apps in the browser will run withoutprompting only if the Java version is considered secure.
- "High" - User will be prompted before any unsigned Java app runs in the browser.
- "Very High" - Unsigned (sandboxed) apps will not run.

But according to Adam Gowdiak, CEO of Security Explorations, none of the settings can stymie an attacker. He claims that in practice, it is possible to execute an unsigned (and malicious) Java code without a prompt corresponding to security settings configured in Java Control Panel.

Gowdiak said that a 'Proof of Concept' code that illustrates Issue 53 had been executed in the environment of latest Java SE 7 Update 11 (JRE version 1.7.0_11-b21) under Windows 7 OS and with "Very High" Java Control Panel security settings.

Gowdiak suggests that people turn to a browser with 'click-to-play,' a feature that forces users to explicitly authorize a plug-in's execution. Chrome and Firefox include support this feature.


Previous
Next
Pantech Introduces 5.9-inch Full-HD Smartphone        All News        RIM Unveils Lower BlackBerry World Price Tiers
Google Offers More Than 3 Million In Rewards For Chrome OS Hacking Contest     General Computing News      Samsung to Invest in Shanghai Plant: report

Get RSS feed Easy Print E-Mail this Message

Related News
GPU Acceleration Coming to Java
New Emergency Fix Releaseed For Java zero-day Exploit Released
New Critical Patch For Java SE Released
Oracle Patches Java Bugs
Java Said To Put Computers in High Risk
Google Threatens To Exclude French Web sites From Search
Apple Removes Java From OS X
Industry Leaders Launch UTI, Home to the Java Verified Program
Sun Releases Java to The Open Source Community
JBlend Deployed in Sony Ericsson's First 3G i-mode Handset
Sony Ericsson releases Mobile JUnit for Java ME
New Java spec published

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .