Monday, January 26, 2015
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Microsoft Reports Second Quarter Results
Smart TVs Could Be Hackers' Next Target
Oculus Forms Virtual-reality Film Studio
Dell Launches Malware Protection and Detection Service
Motorola Returns To The Chinese Market with Three New Phones
LG Display Buys Rights To Use New OLED Technology
Turkish Court Orders Facebook to Remove Pages Insulting Mohammad
Malaysia Airlines And Russian Dating Sites Topface Websites Hacked
Active Discussions
Sound card for my Laptop
full screen wide screen
Hi
About the restriction problem of chapter quantity in DVD
Booktype utilities for LiteON and OEM DVD Recorders
downgrade a nero vision 5 project to nero vision 2
what is the minimum burning speed
GSA-4163B and bitsetting
 Home > News > General Computing > Researc...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, January 28, 2013
Researcher Finds New Bug In Java


Despite the recent commitment by the head of Java security that his team would fix bugs in the Java software, a researcher claims that a bug can still allow browser attacks.

The Java 7 Update 10 as well as the latest Update 11 let users decide which Java applets are allowed to run within their browsers. According to Oracle, users may control the level of security that will be used when running unsigned Java apps in a web browser. Apart from being able to completely disable Java content in the browser, four security levels can be used for the configuration of unsigned Java applications:

- "Low" - Most unsigned Java apps in the browser will run without prompting
- "Medium" - Unsigned Java apps in the browser will run withoutprompting only if the Java version is considered secure.
- "High" - User will be prompted before any unsigned Java app runs in the browser.
- "Very High" - Unsigned (sandboxed) apps will not run.

But according to Adam Gowdiak, CEO of Security Explorations, none of the settings can stymie an attacker. He claims that in practice, it is possible to execute an unsigned (and malicious) Java code without a prompt corresponding to security settings configured in Java Control Panel.

Gowdiak said that a 'Proof of Concept' code that illustrates Issue 53 had been executed in the environment of latest Java SE 7 Update 11 (JRE version 1.7.0_11-b21) under Windows 7 OS and with "Very High" Java Control Panel security settings.

Gowdiak suggests that people turn to a browser with 'click-to-play,' a feature that forces users to explicitly authorize a plug-in's execution. Chrome and Firefox include support this feature.


Previous
Next
Pantech Introduces 5.9-inch Full-HD Smartphone        All News        RIM Unveils Lower BlackBerry World Price Tiers
Google Offers More Than 3 Million In Rewards For Chrome OS Hacking Contest     General Computing News      Samsung to Invest in Shanghai Plant: report

Get RSS feed Easy Print E-Mail this Message

Related News
GPU Acceleration Coming to Java
New Emergency Fix Releaseed For Java zero-day Exploit Released
New Critical Patch For Java SE Released
Oracle Patches Java Bugs
Java Said To Put Computers in High Risk
Google Threatens To Exclude French Web sites From Search
Apple Removes Java From OS X
Industry Leaders Launch UTI, Home to the Java Verified Program
Sun Releases Java to The Open Source Community
JBlend Deployed in Sony Ericsson's First 3G i-mode Handset
Sony Ericsson releases Mobile JUnit for Java ME
New Java spec published

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .