Re: Kronos + Java

[Steve Brukbacher <sab2 () UWM EDU>]

We were never able to really solve this problem either.  We don't use 
Kronos any longer (thank goodness).  It was very disappointing that the 
vendor did not do their part to help us keep our community secure.


--
Steve Brukbacher, CISSP
Information Security Officer
University of Wisconsin Milwaukee
Information Security Team
www.security.uwm.edu
Direct Phone: 414.229.2224
Security Office: 414.229.1100

On 4/11/12 10:39 AM, David Shettler wrote:
> We are encountering a series of problems with our timecards vendor
> Kronos and Oracle's latest Java release.
>
>
> Java 1.6_31 causes sporadic problems in Kronos. Kronos support has
> proposed the solution that we down-rev java on client workstations until
> they release their new version which will happen "soon". 1.6_31 has been
> out since February. We're not willing to put hundreds of Kronos users'
> at risk by down-reving Java given the prevalence of malware exploiting
> earlier versions on the web, we've been struggling to do just the
> opposite since February, but even if we were: Firefox has blocklisted
> any earlier versions, and Apple has deployed 1.6_31 to counter new
> mac-malware.
>
>
> Are other Kronos users experiencing this issue? Are you permitting
> down-reving of java? Are you applying pressure on Kronos? We're hitting
> a brick wall with them, and their proposed solution seems archaic.
>
>
> Thank you kindly,
>
>
> David Shettler
>
> Information Security Officer
>
> College of the Holy Cross
>
>
> ------------------------------------------
> ITS will _*never*_ request your password via email.