Educause Security Discussion mailing list archives
Re: Kronos + Java
From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Wed, 11 Apr 2012 18:06:30 +0000
Maybe we could collectively lean on Kronos? They suggested this to us as well, and it's completely unacceptable behavior (IMHO) for a company whose product deals with this type of information to have such a casual attitude towards security.
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Pirolo Sent: Wednesday, April 11, 2012 12:38 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Kronos + Java Not familiar with Kronos, but have you explored installing multiple versions of Java on the computer? Some apps let you specify the java folder, either through a config file or in the registry. David Pirolo Warner Pacific College On Wed, 2012-04-11 at 11:39 -0400, David Shettler wrote:We are encountering a series of problems with our timecards vendor Kronos and Oracle's latest Java release. Java 1.6_31 causes sporadic problems in Kronos. Kronos support has proposed the solution that we down-rev java on client workstations until they release their new version which will happen "soon". 1.6_31 has been out since February. We're not willing to put hundreds of Kronos users' at risk by down-reving Java given the prevalence of malware exploiting earlier versions on the web, we've been struggling to do just the opposite since February, but even if we were: Firefox has blocklisted any earlier versions, and Apple has deployed 1.6_31 to counter new mac-malware. Are other Kronos users experiencing this issue? Are you permitting down-reving of java? Are you applying pressure on Kronos? We're hitting a brick wall with them, and their proposed solution seems archaic. Thank you kindly, David Shettler Information Security Officer College of the Holy Cross ------------------------------------------ ITS will never request your password via email.
Current thread:
- Kronos + Java David Shettler (Apr 11)
- Re: Kronos + Java David Pirolo (Apr 11)
- Re: Kronos + Java Roger A Safian (Apr 11)
- Re: Kronos + Java David Shettler (Apr 11)
- Re: Kronos + Java Roger A Safian (Apr 11)
- Re: Kronos + Java Embry, Randall Paul (Apr 11)
- Re: Kronos + Java Roger A Safian (Apr 11)
- Re: Kronos + Java David Pirolo (Apr 11)
- Re: Kronos + Java Steve Brukbacher (Apr 11)
- Re: Kronos + Java David Grisham (Apr 11)