PaulDotCom mailing list archives

Re: java: vulnerable by local JDownloader software?


From: Neil Cooler <kneel () digitaldefection net>
Date: Tue, 26 Mar 2013 16:11:47 -0400

The primary risk of Java vulnerabilities is drive-by attacks in the
browser.  The browser will usually execute any Java applet it is told
to execute by the webpage.

If you have it disabled in the browser, some vulnerabilities are still
potentially exploitable, but the attack vector changes.  Rather than
entice you to click on a link that has the malicious Java file, or to
set up a watering hole attack on a site you're likely to visit, the
attacker has to find some way of getting you to download and execute
his malicious file, which would involve significantly more social
engineering, or he has to have local access to the system in order to
run the file himself.  At which point, you've most likely already
lost.

It is very unlikely that a tool like JDownloader would be exposed to
these types of vulnerabilities.  You still should be concerned about
any flaws inherent in the specific code written for JDownloader and
keep an eye on the NVD for known weaknesses as with any other client
application.  But the beef the Infosec industry has with Java is
almost exclusively with Java applets running amok in the browser.


On Tue, Mar 26, 2013 at 3:28 PM, Alex Kornilov <alex.kornilov3 () mail ru> wrote:
I run OS X with JDownloader, Eclipse and a banking application written
in Java.
I didn't enable Java in the browser
http://image.bayimg.com/48e06edc9c669851eb9928f6a43ffed13b8e7510.jpg

Java has a lot of negative press about security. Am I at risk? Are all Java
vulnerabilities exploitable via web browser? Not locally installed Java-based
applications?
How to harden/lock down my Java SDK?

Alex
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com