Posts Tagged ‘security’

Java attack – Are you in trouble?

Friday, January 11th, 2013

Homeland Security (USA) has warned all users to disable or uninstall Java because they’ve identified a vulnerability with the platform. Here’s their story.

Now, I’m not going to repeat that story. But BEFORE you even think of removing Java, here are a few things you need to pay attention to… And please don’t ignore this. It is serious!

1. Do you need Java?

Well, I do. My virtual classroom software is written in Java. So removing Java would mean the end of work. But that’s only one example. If you’re a business, you should check whether you really need this software. Perhaps you have one or more business applications running Java.

2. Are you online?

This may seem like a silly question in today’s context, but rethink this. There are applications like payroll, for example, that only depend on the local network or a stand-alone PC. If these apps can be run without depending on an Internet connection, then you might as well use them with the Internet unplugged on the system. This would be a way out at least until you find an alternative means of running those apps or until there’s a fix (which I don’t see as immediately available). But if you cannot afford to disconnect from a net connection, it’s best you remove Java 7.

3. Examples of Java applications:

The following is not a comprehensive list but it is somewhat popular. So taking off Java means the end of these…

  • RuneScape – a browser-driven game
  • LogMeIn – Remote access application. Often used for troubleshooting (even by many Mac service folks). Even I used it once but I was more for TeamViewer.
  • VB6 (Visual Basic 6). No, VB6 is NOT Java-driven. But the installer needed a Java update. And since then you may have updated Java up to version 7; just maybe…
  • WizIQ – Virtual Classroom environment. I’ve been using this for some time now.
  • Select Oracle applications and certain other applications – For the front-end, they use Java.
  • Applets for alerts, games and website plug-ins or animations. A very old applet since the start of Java has been the fluttering flag. There are more like buttons and stuff.

4. Is OpenJDK vulnerable to this?

Since Oracle (the developers of Java) have licensing restrictions, not everyone is allowed to have Oracle’s Java platform. Thus came Open Java. So is OpenJDK vulnerable?

Answer: Seems not… READ THIS

However, it’s best to look away from Java-based solutions. Because of the nature of the language, you’re prone to bump into more (similar) issues in the future as well. And as a Java 7 user, maybe your app might not work correctly on Open Java.

Should anyone need fixes or advice from experts, we’re just a few clicks away!

*** All trademarks acknowledged ***


BAD NEWS: Your passwords in France may be read by others

Wednesday, April 13th, 2011

This is probably one of the most absurd pieces of news I have heard.

It is common practice for us to encrypt passwords on our web and other databases using a one-way hash. The idea is that our users feel relieved that their accounts are safe. But now this crazy news about government law!

The Government of France apparently insists that passwords be kept unencrypted. And the reason behind it is to allow the ‘law’ access to them on demand.

In my opinion, this is an absurd rule and it can just cause people to lose trust and confidence in service providers. How would you, for example, feel if Yahoo were to reveal your unencrypted passwords to the government? In that case, you’d rather keep your doors unlocked during the night.

If this rather silly rule is going to be implemented, we’re in for an economic down-turn due to its negative impact.

Based off the story here: http://www.boingboing.net/2011/04/11/france-to-require-cl.html