1 2 3 4 Previous Next 59 Replies Latest reply: Jul 8, 2011 6:20 AM by etresoft Go to original post
  • 15. Re: Should I be wary of Java and Adobe.
    etresoft Level 7 Level 7 (24,270 points)

    I don't think there is anything wrong with bringing Microsoft into the mix. They are in much the same boat as Apple. Microsoft doesn't want to be dependent upon Adobe for their interactive web experience any more than Apple does. While Microsoft has Silverlight, it hasn't caught on as well as they had hoped. Microsoft isn't the Microsoft they once were. Like Apple, Microsoft is focusing on HTML5 support for the future.

     

    Java is not a big deal because there is very little Java web content. I haven't seen an applet in years.

  • 16. Re: Should I be wary of Java and Adobe.
    Ronda Wilson Level 8 Level 8 (40,695 points)

    You know what?

     

    I have both Java and JavaScript enabled. I use Safari. I search Google images regularly. And I have never encountered MacDefender or its various offshoots in my sojourns on the internet (knock wood).

     

    If it happens, I'll deal with it then. Until then, "What, me worry?"

     

    /___sbsstatic___/migration-images/155/15545469-1.jpg

  • 17. Re: Should I be wary of Java and Adobe.
    Barney-15E Level 8 Level 8 (35,295 points)

    java.net.InetAddress.getLocalHost()

     

    Is NOT a "hole" but a actual command feature of Java that exists today.

     

     

    One can test that right here on this site:

     

    http://www.kidslovepc.com/javascript/javascript_ip_lan.shtml

     

    Yep, still works, fully updated too.

     

     

    Now what Bob?

     

    So. Every programming environment has a way to get the local IP address. How else would a program manipulate them?

    Java is a programming language, just like C, C++, C#, Pascal, etc.

     

    Javascript has very little to do with Java, mostly just the "java" in their names.

     

    That javascript you linked to does call the Java API getLocalHost function, but that has nothing to do with the security of Java. Interstingly, that button does nothing on my system.

  • 18. Re: Should I be wary of Java and Adobe.
    etresoft Level 7 Level 7 (24,270 points)

    ds store wrote:

     

    One can test that right here on this site:

     

    http://www.kidslovepc.com/javascript/javascript_ip_lan.shtml

     

    Yep, still works, fully updated too.

    It only works in Firefox and then only displays localhost. How is that a security hole?

     

    Interestingly, your example does bring up a topic I never knew about. Apparently it is possible to call Java from Javascript. Firefox and older browsers are apparently able to do this directly. Modern browsers can only access public methods from an applet, which already has extensive secuity checks.

     

    I was able to get more modern examples of this (known as "LiveConnect") to work in Safari. Apparently, this "hole" of accessing Java directly and revealing the user's localhost address of 127.0.0.1 (which is common to any computer with TCP/IP networking) only works in Firefox. 

  • 19. Re: Should I be wary of Java and Adobe.
    Russa Level 4 Level 4 (1,315 points)

    JAVA and Adobe (Flash) are arguably standards in the industry. I guess you could use the Mac without these two software pieces, but then you would loose the "full experience". There was a recent Java update released under 10.6.8, And if you want to see Flash enabled video content on web pages then you'll need that support.

     

    I'm sure my next statement will draw some comments .. personally I use Intego's Virus Barrier 6 that offers a little more than just virus protection since it also has some internet and anomaly detection features.

     

    Keeping your MacOS (10.6.8) and support software current will provide as much protection as available in the industry.

  • 20. Re: Should I be wary of Java and Adobe.
    Barney-15E Level 8 Level 8 (35,295 points)

    Java is only required if you want to run something written in Java. As far as I can tell, there's not much in the "full experience" that I've needed since I asked Java its version and the OS asked if I wanted to install it. I'm not sure what I missed, but I guess I'll have to answer "no" to Jimi's question.

  • 21. Re: Should I be wary of Java and Adobe.
    Klaus1 Level 8 Level 8 (44,495 points)

    You can check the status of your plug-ins here:

     

    https://www.mozilla.com/en-US/plugincheck/

     

    No you can't.

     

    Quite the most useless thing I have seen in a while.

     

    It doesn't know that Flash 10.1 cannot be updated on this Mac.

     

    It describes all of the following as 'unknown plug-ins' that need further research:

     

    Flip4Mac

    Google Earth

    Adobe Acrobat and Reader

    RealPlayer

    Quartz Composer

     

    But presumably it is only for Firefox? Or Windows?

  • 22. Re: Should I be wary of Java and Adobe.
    ds store Level 7 Level 7 (30,305 points)

    etresoft wrote:

     

    It only works in Firefox and then only displays localhost. How is that a security hole?

     

    Interestingly, your example does bring up a topic I never knew about. Apparently it is possible to call Java from Javascript. Firefox and older browsers are apparently able to do this directly. Modern browsers can only access public methods from an applet, which already has extensive secuity checks.

     

    I was able to get more modern examples of this (known as "LiveConnect") to work in Safari. Apparently, this "hole" of accessing Java directly and revealing the user's localhost address of 127.0.0.1 (which is common to any computer with TCP/IP networking) only works in Firefox. 

     

    Yes, this is interesting, the site doesn't work in Safari. So I'm assuming here Apple perhaps understands a potential security risk with revealing the internal IP?

     

    I don't know, I'm not a network guru, but I heard bad things about this particular Java feature, especially with malicious sites, that it kind of negates the security of the router.

     

    I was hoping to ask the "15 years with Java" guy all about it.

  • 23. Re: Should I be wary of Java and Adobe.
    ds store Level 7 Level 7 (30,305 points)

    Barney-15E wrote:

     


    So. Every programming environment has a way to get the local IP address. How else would a program manipulate them?

    Java is a programming language, just like C, C++, C#, Pascal, etc.

     

    Javascript has very little to do with Java, mostly just the "java" in their names.

     

    That javascript you linked to does call the Java API getLocalHost function, but that has nothing to do with the security of Java. Interstingly, that button does nothing on my system.

     

    Likely because your running Safari, anyway read my response to etresoft if you would.

  • 24. Re: Should I be wary of Java and Adobe.
    ds store Level 7 Level 7 (30,305 points)

    Klaus1 wrote:

     

    You can check the status of your plug-ins here:

     

    https://www.mozilla.com/en-US/plugincheck/

     

    No you can't.

     

    Quite the most useless thing I have seen in a while.

     

    It doesn't know that Flash 10.1 cannot be updated on this Mac.

     

    It describes all of the following as 'unknown plug-ins' that need further research:

     

    Flip4Mac

    Google Earth

    Adobe Acrobat and Reader

    RealPlayer

    Quartz Composer

     

    But presumably it is only for Firefox? Or Windows?

     

    It's supposed to be for all browsers, but i've noticed it's not perfect at times.

     

    And a funny thing, I used the mozilla link check and it found a update for Flash for my system, but when I ran the installed Flash updater to check, it said I was up to date! (thread in the Lounge, sorry others )

     

    https://discussions.apple.com/thread/3156226?tstart=0

     

    So anyway It's a mystery how both of these funcitons are operating.

  • 25. Re: Should I be wary of Java and Adobe.
    Barney-15E Level 8 Level 8 (35,295 points)

    Likely because your running Safari, anyway read my response to etresoft if you would.

    I did, but I'm still wondering why you are conflating Java with Javascript. They are two different things, totally unrelated.

  • 26. Re: Should I be wary of Java and Adobe.
    ds store Level 7 Level 7 (30,305 points)

    Barney-15E wrote:

     

    I did, but I'm still wondering why you are conflating Java with Javascript. They are two different things, totally unrelated.

     

    I've been around computers for 24 years and do know the difference there.

     

    What is interesting is that Javascript can call Java, that I didn't know.

     

    Likely the vise versa is true as well. Surprising how much we DON'T know about the plug-ins we allow on our machines.

     

    *places tin foil hat on*

  • 27. Re: Should I be wary of Java and Adobe.
    Barney-15E Level 8 Level 8 (35,295 points)

    What's so insecure about knowing my internal IP address?

    I bet I could guess six to ten times and hit about 90% of all internal home IP addresses.

    10.0.0.2, 10.0.1.2, 192.168.0.2, 192.168.1.2, 192.168.0.100, 192.168.1.100, 172.16.0.2, 172.16.1.2, 172.16.0.100, 172.16.1.100.

    If I did any research on default router configurations, I could likely tighten that up.

  • 28. Re: Should I be wary of Java and Adobe.
    ds store Level 7 Level 7 (30,305 points)

    And if I set my own internal IP and didn't want anyone to know it, then I should have Java off correct?

     

    *tightens tin foil hat further*

  • 29. Re: Should I be wary of Java and Adobe.
    WZZZ Level 6 Level 6 (12,225 points)

    If I go to

     

    http://www.whatsmyip.org/

     

    it won't display my internal IP until I "allow" the site with JS (using NoScript.) Is that JS calling Java? Not possible, since I have Java disabled. Must be through JS alone.