Canreef Aquatics Bulletin Board  

Go Back   Canreef Aquatics Bulletin Board > Other > Lounge
Reload this Page Does anyone know anything about Java security
Portal PhotoPost Gallery Register Blogs FAQ Members List Calendar Today's Posts

Reply
 
Thread Tools Display Modes
  #1  
Old 09-15-2010, 05:34 AM
trilinearmipmap trilinearmipmap is offline
Member
  
Join Date: Feb 2003
Location: Prince Rupert B.C.
Posts: 1,213
trilinearmipmap is on a distinguished road
Default Does anyone know anything about Java security
I am not a computer whiz but I have been advised that Java has got some serious security issues and I have some questions for those who know more about this. Specifically I have heard that the older versions of Java had huge security flaws that would make your computer vulnerable to hacking. As I understand there were updates to Java to try and cover these security flaws.

The issue came up today at work. I work with a big organization that has hundreds or thousands of computers. The organization deals with critical data that has important safety and privacy aspects and a security breach would be devastating. One of their programs would not work on my computer and when I called tech support I was told "our program is not compatible with the latest version of Java, you need to un-install Java and then re-install the earlier version of Java". When I called the tech support guy on this he admitted that it made no sense but said that he doesn't make the decisions, upper management does.

My understanding is if I do this I am exposing my computer to hacking etc. Not only that but if the hundreds to thousands of computers in this organization are running the older version of Java then they have got a serious security problem.

Anyway I need some feedback from someone who knows more about this before I take the issue up with someone in management. I don't want to raise this as a serious security issue if it really is not.
__________________
120 gallon sps/anemones/LPS reef since 2004
Apex controller
8 x 54 watt T5 PowerModule
Herbie's silent overflow system
Jebao DC 12000 return pump
Jecod CP-40 Cross-flow circulation device
Mini Bubble King 180
Barr Aquatics calcium reactor
Bucket fuge
Reply With Quote
  #2  
Old 09-15-2010, 07:45 AM
wolf_bluejay wolf_bluejay is offline
Member
  
Join Date: Nov 2007
Location: Kamloops, BC
Posts: 84
wolf_bluejay is on a distinguished road
Default
No, java does not have huge security holes... Adobe Acrobat, adobe flash, MS outlook are HUGE security problems. Java might have some, but a little common sense goes a long way. For a java program to get to the underlying system, you will almost always get a little pop-up that states java is trying to access you system (sometimes needed for printing, etc). If it shouldn't be doing it, they say no.

PS. I work every single day with a massive government system that has a lot of FOIPPA legals to go with it, it runs on java, and only works with older versions. No significant security issues so with it. You are MUCH more likely to get problems from someone who opened the wrong e-mail or read a nasty PDF, (even worse, opened a nasty PDF inside outlook) and has a trojan that logs keystrokes to record password and draw info out of the system that way, rather than a problem with java directly.

All in, if the software you NEED is java, and it can't run on never version -- what would be the solution? One of the best things you can do is what I do on a regular basis for the "really, really secure stuff" is to use Vmware, or vitualbox and install (linux/xp/whatever) into it, and then run the program from there. it can't touch the computer that is hosting it, thus protecting the data. And as a bonus, if you keep basic copies of the VM, you get throw away machine to play with software you don't trust.


Disclaimer: I AM a computer security expert (Degree to go with it and everything).



Quote:
Originally Posted by trilinearmipmap View Post
I am not a computer whiz but I have been advised that Java has got some serious security issues and I have some questions for those who know more about this. Specifically I have heard that the older versions of Java had huge security flaws that would make your computer vulnerable to hacking. As I understand there were updates to Java to try and cover these security flaws.

The issue came up today at work. I work with a big organization that has hundreds or thousands of computers. The organization deals with critical data that has important safety and privacy aspects and a security breach would be devastating. One of their programs would not work on my computer and when I called tech support I was told "our program is not compatible with the latest version of Java, you need to un-install Java and then re-install the earlier version of Java". When I called the tech support guy on this he admitted that it made no sense but said that he doesn't make the decisions, upper management does.

My understanding is if I do this I am exposing my computer to hacking etc. Not only that but if the hundreds to thousands of computers in this organization are running the older version of Java then they have got a serious security problem.

Anyway I need some feedback from someone who knows more about this before I take the issue up with someone in management. I don't want to raise this as a serious security issue if it really is not.
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 06:53 PM.

Contact Us - Canreef Aquatics - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.