Re: java2
- From: "MowGreen [MVP]" <mowgreen@xxxxxxxxxxxxx>
- Date: Thu, 31 Jul 2008 09:43:37 -0700
Play another game. Seriously. Did you not read my post ?
Here's another security risk from Sun:
Ghosts Of Java Haunt Users
http://www.bleepingcomputer.com/blogs/mowgreen/index.php?showentry=1333
And the latest one:
Evilgrade: Exploit toolkit pwns insecure online updates
http://blogs.zdnet.com/security/?p=1576
A security research outfit in Argentina has released a malcode distribution toolkit capable of launching man-in-the-middle attacks against popular products that use insecure update mechanisms.
The toolkit, called Evilgrade, works in conjunction with man-in-the-middle techniques (DNS, ARP and DHCP spoofing) to exploit a wide range of applications, according to a post on the Metasploit blog.
The first version of the toolkit ships with exploit modules for several widely deployed software, including Apple’s Mac OS X and iTunes, WinZip, Winamp, OpenOffice and * Sun Java *.
Demo video here: http://www.infobyte.com.ar/demo/evilgrade.htm
Still want to play pogo and put your system at risk ?
It's your choice.
MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
kslatimer wrote:
i have a java issue with pogo.com games, not found or not working, I have tried everything, what do I do? kslatimer.
"MowGreen [MVP]" wrote:
My 2 cents ... Don't install it. Sun refuses to acknowledge that the security of a system can/will most likely be compromised due to elevation of privileges in java applets. This issue has appeared *repeatedly* with their Java Runtimes.
Here's the latest one:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1
Also, when a system is updated with the latest JRE to resolve security issues the older, vulnerable version is left behind. Sun claims that files in the older, vulnerable versions are replaced, thus mitigating any security issues and that the vulnerable versions can not be called by malicious coders.
If that is so, then why do they include this at the bottom of all their security bulletins ? -
Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system. To remove old affected versions on the Windows platform, please see:
* http://java.com/en/download/help/uninstall_java.xml
To further confuse matters, on their 'consumer' download pages there is no mention that older 'affected' versions should be removed, in fact, they recommend KEEPING them - http://java.com/en/download/faq/5000070400.xml
Can I remove older versions of the JRE after installing a newer version?
The latest version of the Java Runtime Environment (JRE) contains updates to previous versions. There might be some applications or applets written and tested against a specific version of the JRE.
It is recommended that you keep older versions of the JRE on your system. If you are running low on disk space, you can uninstall older versions of the JRE.
Notice that they say 'updates' without further explanation.
And, the amount of disk space consumed by the older versions can grow quite large. I've seen systems with SEVEN different versions installed.
That's over 1 Gigabyte of wasted space.
Any software that is properly written for specific apps or applets SHOULD be backward compatible. e.g. all such apps or applets written for the JRE 6 version should work with any subsequent JRE 6 version.
Here's a list of vulnerabilities with Sun's java since June 29th ONLY:
A Security Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions 2007-07-18
Sun Java JRE/JDK Processing of XSLT Stylesheets in XML Signatures Vulnerability 2007-07-11
Java JRE/JDK JSSE DoS and Untrusted Applets Network Security Bypass 2007-07-11
Sun Java Web Start JNLP File Processing Buffer Overflow 2007-07-10
Sun Java Web Start Untrusted Application Arbitrary File Overwrite 2007-06-29
The last 2 are Critical vulnerabilities. The first one may be, but Sun never fully disclosed if it is.
Caveat emptor !
MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============
cate wrote:
How do you install java2 into windows xp please?