Oracle effectively disables Java in all browsers?
Offline Grunnt

JGO Wizard


Medals: 64
Projects: 8
Exp: 5 years


Complex != complicated


« Posted 2012-09-03 13:44:42 »

Apparently, the latest patch of the Java security vulnerabilities is not so secure itself:

Quote
Security Explorations, the Polish security startup that discovered the Java SE 7 vulnerabilities that have been the targets of recent web-based exploits, has spotted a new flaw that affects the patched version of Java released this Thursday.

Unfortunately, these flaws mean that people are being advised in many places and news items these days to uninstall Java from their systems:

Quote
For the time being, given the apparent similarity of this flaw to the ones previously reported, users are advised to either disable Java in their browsers or uninstall it completely to avoid falling prey to any future exploits.
http://www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java/

That's not so good for Java Gaming. I guess I have to start looking at how to embed a Java runtime in an application..

Offline princec

JGO Kernel


Medals: 342
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #1 - Posted 2012-09-03 13:46:55 »

Indeed, it doesn't affect me one bit. But this is just what I've been telling people to do for 10 years now, quietly ignored in the background Smiley

Cas Smiley

Offline ReBirth
« Reply #2 - Posted 2012-09-03 14:38:09 »

No more applet?

Offline appel

JGO Wizard


Medals: 50
Projects: 4


I always win!


« Reply #3 - Posted 2012-09-03 15:49:56 »

I think they've misunderstood the concept of a "sandbox". It's supposed to have walls. Without walls, all the filth of the internet spills into your computer.

Check out the 4K competition @ www.java4k.com
Check out GAMADU (my own site) @ http://gamadu.com/
Offline Oskuro

JGO Knight


Medals: 39
Exp: 6 years


Coding in Style


« Reply #4 - Posted 2012-09-03 15:58:33 »

Ah-HA! This is Oracle's Master Plan (tm) to force users off of Java 7, paving the way for their new pay-only Java 8! </conspiracy>  Roll Eyes


Does OpenJDK suffer the same issues?

Offline ReBirth
« Reply #5 - Posted 2012-09-03 16:03:02 »

Quote
Does OpenJDK suffer the same issues?
OpenJDK may have the same security issue, but they don't tell people to uninstall.

Offline aldacron

Senior Member


Medals: 9
Exp: 16 years


Java games rock!


« Reply #6 - Posted 2012-09-03 16:20:58 »

Seen this latest one in the Register yet? This time, it's Java 6.
Offline Grunnt

JGO Wizard


Medals: 64
Projects: 8
Exp: 5 years


Complex != complicated


« Reply #7 - Posted 2012-09-03 16:23:06 »

Quote
Indeed, it doesn't affect me one bit. But this is just what I've been telling people to do for 10 years now, quietly ignored in the background Smiley

Cas Smiley

Huh, did I hear a whisper in the background?

...

I'm hearing you Grin

Offline appel

JGO Wizard


Medals: 50
Projects: 4


I always win!


« Reply #8 - Posted 2012-09-03 16:59:15 »

Quote
Ah-HA! This is Oracle's Master Plan (tm) to force users off of Java 7, paving the way for their new pay-only Java 8! </conspiracy>  Roll Eyes


Does OpenJDK suffer the same issues?
Well, if they did that, they'd pretty much kill off Java on the desktop. Nobody will pay for java. Plenty of other free alternatives.

Check out the 4K competition @ www.java4k.com
Check out GAMADU (my own site) @ http://gamadu.com/
Offline Oskuro

JGO Knight


Medals: 39
Exp: 6 years


Coding in Style


« Reply #9 - Posted 2012-09-03 17:08:55 »

Yeah well, I was kidding you see.  Stare

Just read the Register article. This looks grim. I wonder why Oracle or the OpenJDK devs are not jumping on this; even if the issue is eventually fixed, failing to provide a quick solution could result in enough user backlash to effectively kill Java.


Edit: Interesting. Firefox automatically disables the outdated Java plug-in.

Offline jezek2
« Reply #10 - Posted 2012-09-03 17:24:15 »

Quote
Well, if they did that, they'd pretty much kill off Java on the desktop. Nobody will pay for java. Plenty of other free alternatives.

Out of curiosity, what free alternatives? Smiley The closest thing is just Qt.
Offline ReBirth
« Reply #11 - Posted 2012-09-03 17:29:08 »

IMHO, the alternatives in their current state are no match for what Java as a whole has gained so far. But by the time Java falls? Who knows.

Offline Oskuro

JGO Knight


Medals: 39
Exp: 6 years


Coding in Style


« Reply #12 - Posted 2012-09-03 17:39:17 »

I keep my fingers crossed that OpenJDK somehow kicks regular Java in the teeth and becomes the default Java API.... Guess I'm being naive or something.  Sad

Offline sproingie

JGO Kernel


Medals: 201



« Reply #13 - Posted 2012-09-03 17:50:46 »

OpenJDK is the official java development branch and is what Oracle's JDK is built on.

Or did you mean the IcedTea plugin?  That might not be susceptible by way of being broken in general.

Offline Oskuro

JGO Knight


Medals: 39
Exp: 6 years


Coding in Style


« Reply #14 - Posted 2012-09-03 18:15:58 »

What? My understanding was that OpenJDK was a spin-off using the Java source intending to implement an alternative to Oracle's Java.


Offline Cero
« Reply #15 - Posted 2012-09-03 18:34:11 »

Quote
What? My understanding was that OpenJDK was a spin-off using the Java source intending to implement an alternative to Oracle's Java.

Mine too. But I think, BY NOW, it's official.

Offline Oskuro

JGO Knight


Medals: 39
Exp: 6 years


Coding in Style


« Reply #16 - Posted 2012-09-03 19:47:36 »

*reads a bit* I see.

No Windows OpenJDK distribution? I guess you could compile your own.

Offline jonjava
« Reply #17 - Posted 2012-09-04 06:55:54 »

How do these exploits affect the majority of people who don't visit dodgy websites?

Offline princec

JGO Kernel


Medals: 342
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #18 - Posted 2012-09-04 11:42:00 »

It turns out that a significant number of people visit dodgy websites but won't actually admit it to anyone.
It also turns out that other people living in your home network might visit dodgy websites and let something nasty into your house.
Or someone in the office might visit somewhere dodgy and the next thing you know every PC in the office is fuxx0red. Then someone takes his infected laptop home and plugs it in.

It's a terrible situation and could really have done with patching within 24 hours of being noticed. Oracle have really screwed up.

Cas Smiley

Offline kappa
« League of Dukes »

JGO Kernel


Medals: 74
Projects: 15


★★★★★


« Reply #19 - Posted 2012-09-04 11:49:26 »

Also, these sorts of things don't usually spread by people intentionally visiting dodgy websites but by things like people receiving links in email which they click (or on Facebook or some other genuine site). Once infected, the usual multiplication cycle begins, i.e. the malicious app sends more links to the list of contacts on the compromised machine.
Offline Oskuro

JGO Knight


Medals: 39
Exp: 6 years


Coding in Style


« Reply #20 - Posted 2012-09-04 11:59:17 »

I've personally disabled the Java browser plugin, despite having updated to the latest patch. The thing is, how effective is this at preventing infection?

Also, I'm of the opinion that people should be able to visit dodgy websites if they like. The issue here is not a user doing something stupid like clicking on an executable, but rather a part of the software that is supposed to be secure failing in its task.

Offline princec

JGO Kernel


Medals: 342
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #21 - Posted 2012-09-04 12:23:15 »

As they say, it takes two to tango - the JRE browser plug-in is a huge security risk, but unfortunately the browser security net isn't tight enough to catch things falling through the holes, and nor is the OS because the JRE effectively runs with administrative permissions.

The JRE should only ever have been allowed to run with the credentials of a restricted user account. This goes for Mac OS and Linux as well, but sadly I believe on all 3 desktop OSes the JRE has "root". Duh. Unbelievable really but there we go. Everyone involved in the toolchain is to blame for spectacular shortsightedness.

Cas Smiley

Offline kappa
« League of Dukes »

JGO Kernel


Medals: 74
Projects: 15


★★★★★


« Reply #22 - Posted 2012-09-04 13:03:37 »

It just gets better.

http://www.theregister.co.uk/2012/09/04/antisec_hackers_fbi_laptop_hack/
Offline Oskuro

JGO Knight


Medals: 39
Exp: 6 years


Coding in Style


« Reply #23 - Posted 2012-09-04 13:06:26 »

Quote
The JRE should only ever have been allowed to run with the credentials of a restricted user account.

Agreed. I was under the impression that the JVM was quite limited when it comes to System interaction. Sad to be wrong on this one.

Offline vyh

Senior Newbie





« Reply #24 - Posted 2012-09-04 18:34:54 »

And I think JaGeX is trying to move away from Java. JaGeX is writing a RuneScape graphics engine that runs on HTML5.
http://www.zybez.net/news/1950/runescape_for_html5/
Offline princec

JGO Kernel


Medals: 342
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #25 - Posted 2012-09-04 19:56:24 »

Now that is daft. But then they are a surprisingly daft company.

Cas Smiley

Offline Best Username Ever

Junior Member





« Reply #26 - Posted 2012-09-04 23:00:29 »

HTML5... you mean that thing that takes all those ideas from the Netscape/IE6 era and builds a "standard" API around them? As bad as all the plug-in creators are in terms of security, I almost feel bad for them. They don't get the plausible deniability that comes with adopting meaningless terms to describe their products, even if just a few tightly connected companies are the ones trying to force feature creep in web browsers. When Flash, Java, or Windows go unpatched for a week it's bad and bloggers know what brands to blame, but when a web browser supports ridiculous features that only serve to help virus writers and advertising companies it's touted as innovation and gets invariably good press. It doesn't matter if it's unpatched for 6 weeks or 6 years. And it doesn't matter if it's insecure by design. It only matters if the problem is fairly invisible and can be patched through public relations instead of software changes.