• 2752閱讀
  • 29回復

美國安部警告:Java爆重大安全漏洞  (17/1:仍然有漏洞,請繼續封鎖) [復制鏈接]

上一主題 下一主題
離線國球旗
發帖
206381
好友元
50
閱讀權限
206381
貢獻值
13
只看該作者 15  發表于: 2013-01-14
【本報訊】美國國土安全部早前發警告指Java程式有嚴重保安漏洞,呼籲全球用戶停用和解除安裝Java。Java所屬的甲骨文公司(Oracle)發聲明,表示短期內會發表修補程式堵塞保安漏洞,以免用戶電腦被黑客入侵。

聲明指,僅應用於互聯網瀏覽器的Java最新版本軟件「JDK7」有保安漏洞,直接用在電腦、伺服器等裝置的Java應用程式不受影響。路透社引述防毒軟件公司的報告指,去年逾半數網絡攻擊涉及Java,黑客循Java漏洞入侵用戶電腦,第二常用入侵途徑是透過Adobe Reader,佔28%。

本港政府資訊科技總監辦公室早前建議市民,在軟件商提供修補程式前,停用瀏覽器的Java功能,只在政府或銀行等可信網站有需要使用Java時才暫時啟動。香港保安事故協調中心指,黑客可在有Java漏洞的網站植入黑客程式,連網主也未必知道。當網民瀏覽網頁時,黑客程式會自動啟動盜取密碼控制網民電腦,或將電腦內的資料加密,向機主勒索金錢。
離線火鳳凰
發帖
91264
好友元
54168
閱讀權限
91264
貢獻值
2
只看該作者 16  發表于: 2013-01-14
唔用 java 即係叫我唔好做野……

好!咁就乘機放假放到過完農曆年先算啦……
離線國球旗
發帖
206381
好友元
50
閱讀權限
206381
貢獻值
13
只看該作者 17  發表于: 2013-01-14
回 火鳳凰 的帖子
火鳳凰:唔用 java 即係叫我唔好做野……
好!咁就乘機放假放到過完農曆年先算啦……[表情] [表情]  (2013-01-14 12:26) 

係咪先,係就搵晚食 DINNER 再打夜波,我要儲假去旅行,呢幾個月都唔會放閒日。
離線火鳳凰
發帖
91264
好友元
54168
閱讀權限
91264
貢獻值
2
只看該作者 18  發表于: 2013-01-14
回 國球旗 的帖子
國球旗:係咪先,係就搵晚食 DINNER 再打夜波,我要儲假去旅行,呢幾個月都唔會放閒日。[表情] (2013-01-14 12:39) 

等我研究下係唔係真係唔用得 java 先……
離線freezefox
發帖
161183
好友元
361917
閱讀權限
260825
貢獻值
13
只看該作者 19  發表于: 2013-01-14
回 國球旗 的帖子
國球旗:係咪先,係就搵晚食 DINNER 再打夜波,我要儲假去旅行,呢幾個月都唔會放閒日。[表情] (2013-01-14 12:39) 

三月底前,我有8.5 日假要清哂佢………


YFF 已死!!這是 Fantrax 的新時代!!
離線freezefox
發帖
161183
好友元
361917
閱讀權限
260825
貢獻值
13
只看該作者 20  發表于: 2013-01-14
回 朗尼 的帖子
朗尼:暫時唔好係網上做與金錢、重要密碼(例如銀行)等的行徑........ (2013-01-14 09:04) 

好困難………


YFF 已死!!這是 Fantrax 的新時代!!
離線TuNg
發帖
11145
好友元
29765
閱讀權限
11145
貢獻值
0
只看該作者 21  發表于: 2013-01-16
已經出左更新修正返
離線智者
發帖
14653
好友元
46535
閱讀權限
37357
貢獻值
2
只看該作者 22  發表于: 2013-01-16
client 用既java先有事(我淨係知馬會/稅局仲用緊,load果時會出現java既logo),其他時間根本好少用
server 用java好似無問題(銀行,load果時唔會有logo出)
[ 此帖被智者在2013-01-16 18:59重新編輯 ]
  
離線迪克
發帖
42896
好友元
7088
閱讀權限
120318
貢獻值
14
只看該作者 23  發表于: 2013-01-16
回 TuNg 的帖子
TuNg:已經出左更新修正返 (2013-01-16 16:31) 

係咪要自己update?
只愛足球
離線ab34
發帖
17725
好友元
0
閱讀權限
17729
貢獻值
0
只看該作者 24  發表于: 2013-01-16
回 迪克 的帖子
迪克:係咪要自己update? (2013-01-16 19:09) 

去官網個度更新
離線BVEsun
發帖
7256
好友元
15
閱讀權限
7256
貢獻值
1
只看該作者 25  發表于: 2013-01-17
uninstalled,
但對我完全 0 影響,
冇諗住裝返
離線火鳳凰
發帖
91264
好友元
54168
閱讀權限
91264
貢獻值
2
只看該作者 26  發表于: 2013-01-17
回 TuNg 的帖子
TuNg:已經出左更新修正返 (2013-01-16 16:31) 

http://www.nbcnews.com/technology/technolog/homeland-security-still-says-no-java-1B8000547

美國國安部仍然話唔掂……
離線火鳳凰
發帖
91264
好友元
54168
閱讀權限
91264
貢獻值
2
只看該作者 27  發表于: 2013-01-17
回 國球旗 的帖子
國球旗:係咪先,係就搵晚食 DINNER 再打夜波,我要儲假去旅行,呢幾個月都唔會放閒日。[表情] (2013-01-14 12:39) 

check 過下,應該係用佢既 plug-in web-based applications 先會有事,我做野果的係 desktop based 應該無事,所以應該可以繼續開工……
離線火鳳凰
發帖
91264
好友元
54168
閱讀權限
91264
貢獻值
2
只看該作者 28  發表于: 2013-01-17
大家最好都係 browser disable 左佢,或者剩係留 chrome 用佢會安全少少……

至於點樣 disable,可以跟下面既 steps 去做︰

Step 1: Find out which version of Java you're running. The easy way to do this is through the Java Control Panel -- if you can find it. Start by bringing up the Windows Control Panel (in Windows XP and Windows 7, choose Start, Control Panel; in Windows 8, right-click in the lower-left corner of the screen and choose Control Panel). If you see a Java icon, click on it. If you don't see a Java icon (or link), in the upper-right corner, type Java. If you then see a Java icon, click on it.

Unfortunately, there's a bug in at least one of the recent Java installers that keeps the Java icon from being displayed inside Windows Control Panel. If you can't find the Java icon, go to C:\Program Files (x86)\Java\jre7\bin or C:\Program Files\Java\jre7\bin and double-click on the file called javacpl.exe. One way or another, you should now see the Java Control Panel.

Step 2: Make sure you have Java Version 7 Update 11. In the Java Control Panel, under About, click the About button. The About Java dialog shows you the version number; if you've patched Java in the past few months, it's likely Version 7 Update 9, 10, or 11. (Don't be surprised if Java says that it's set to update automatically, but doesn't. I've seen that on several of my machines.) If you don't have Java 7 Update 11, go to Java's download site, and install the latest update. You have to restart your browser for the new Java version to kick in. Personally, I also reboot Windows.

Warning: Oracle, bless its pointed little pointy thingies, frequently tries to install additional garbage on your machine when you use its update site. Watch what you click.

Step 3: Decide if you want to turn off Java in all of your browsers. That's certainly the safest choice, but some people have to use Java in their browsers from time to time. Personally, I don't disable Java in all of my browsers (more about that in a moment).

Step 4: To turn off the Java Runtime in all of your browsers, from inside the Java Control Panel, click or tap on the Security tab, then deselect the box marked Enable Java Content in the Browser. Click or tap OK, and restart your browsers (or better yet, reboot). From that point on, the Java Runtime should be disabled in all of your browsers, all of the time. To bring Java back, repeat the steps and select the box marked Enable Java Content in the Browser (the setting should, in fact, say "Enable Java Content in All of Your Browsers").

Step 5: If you don't want to turn off Java in all of your browsers, choose the one browser you wish to leave Java-enabled. For me, that's an easy choice: By default, recent versions of Chrome prompt before running Java on a specific page, so I turn off Java in all of my browsers except Chrome. That way I can use any of my browsers for general Internet work without fear of getting Javanicked. If I absolutely have to go to a website that requires Java, I'll fire up Chrome specifically for that purpose.

Step 6: If you haven't turned off Java in all of your browsers, turn off Java in each of your selected Java-free browsers. In Internet Explorer 9 or 10, click on the gear icon in the upper-right corner and choose Manage Add-Ons. Scroll down to the bottom, under Oracle America, Inc., select each of the entries in turn; they'll probably say "Java(tm) Plug-In SSV Helper" or some such. In the lower-right corner click the button marked Disable. Restart IE. At the bottom of the screen, you'll see a notice that says, "The 'Java(tm) Plug-In SSV Helper' add-on from 'Oracle America, Inc.' is ready to use." Click Don't Enable. If you get a second notice about a Java add-on, click Don't Enable on it, too. That should permanently disable Java Runtime in IE.

In any recent version of Firefox, click the Firefox tab in the upper-left corner and choose Add-Ons. You should see an add-on for Java(TM) Platform SE 7 U11. Click once on the entry, and click Disable. Restart Firefox.

In Chrome, type chrome://plugins in the address bar and push Enter. You should see an entry that says something like "Java (2 files) - Version: 10.7.2.11" Click on that entry and click the link that says Disable. Restart Chrome.

Step 7: Test. Make sure the browsers are/aren't running Java, according to your wishes, by running each of them up against the Java test site. If you go to that site using Google Chrome, there better be a big yellow band at the top of your screen asking permission to run Java just this once.

Selectively disabling Java in your browsers isn't particularly easy, but it's a worthwhile step that everyone -- absolutely everyone -- should undertake. Right now.

http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882
離線Gabriel
發帖
28309
好友元
30039
閱讀權限
28309
貢獻值
0
只看該作者 29  發表于: 2013-01-17
Re:美國安部警告:Java爆重大安全漏洞  (16/1:修正已出,請自行更新)
成個正苦好多APPLICATION都係用JAVA

仲要係java 6