What about Homeland Security warning about Java?

Similar Messages

• Dept of Homeland Security Warning re Java

  Should I disable Java?

  Graham Perrin wrote:
  … the latest exploit affects all versions of Java.
  No. That's incorrect.
  Please follow the link given in my first post.
  There was disagreement between two government agencies and several testers all weekend over whether Java 4 through 6 was involved or not, but today they decided to take Oracle's word for it that it is only  Java 7.
  Now the issue is whether or not everything is fixed. See http://www.kb.cert.org/vuls/id/625617 and http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two .html.
  Bottom line: "Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11."

• WS endpoints restricition: What about java.util.Locale etc.?

  We have some problems with the restrictions for WS endpoints.
  Using SAPNW Developer Studio to create a web service including the virtual interface from a stateful session bean, we are not allowed to use usual types like java.util.Locale or java.util.Properties although they are serializable.
  This is also decribed in the SAPNW DS Help:
  "The following types are not allowed anywhere in the endpoint of a Web service:
  ·        Remote objects (EJBs)
  ·        Classes extending into another class and implementing an interface
  ·        Hashed table-like types
  ·        Classes/objects that cannot be serialized"
  So what is the preferred solution for this issue?
  Is there a way to use the serializable java.util.Locale type in a WS endpoint, or do we have to use its String representation?
  What is the preferred solution for hash-table types like Properties? And what about Interface types like Map?
  Maybe we just do not find the decisive documentation link?
  Thanks a lot,
  Dirk
  Edited by: Dirk Weigand on Nov 20, 2008 8:48 AM
  Moved to "Application Server - Java Programming"

  Question moved to "Java Programming"

• What about Java????

  hai,
  in C++ by Strostroup Book, I noticed the following.
  char aplphabet[]="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
  can be replaced by the declaration(for readability)
  char aplphabet[]="abcdefghijklmnopqrstuvwxyz"
  "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
  What about in Java?? (is there any such method?)
  don't say that, anwer is
  String alphabet = "abcdefghijklmnopqrstuvwxyz"
  + "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
  because this statement is compiled like this
  String alphabet = new StringBuffer("abcdefghijklmnopqrstuvwxyz").append("ABCDEFGHIJKLMNOPQRSTUVWXYZ").toString();
  which creates unnecessarily two more Objects in JVM.
  I think there is no such provision in Java like C and C++.
  santhosh

  schapel is right, according to jls,
  String alphabet = "abcdefghijklmnopqrstuvwxyz"
  + "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
  and
  String alphabet ="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
  have to generate same byte code.

• What happened to security.warn settings in about:config. They are missing in FF25. Please help!!

  Hi,
  I'm upgrading from Firefox 15 to Firefox 25.
  I used to be able to set the following security warnings in about:config.
  security.warn_entering_secure
  security.warn_entering_weak
  security.warn_leaving_secure
  security.warn_submit_insecure
  security.warn_viewing_mixed
  Not anymore. Looks like these are missing from Firefox 25.
  Please help!! Urgent.
  Thank you.
  Sr.

  the warnings about entering/leaving a secure site are totally gone, you'd have to look out for the security indicator at the start of the address bar to get that information about a site: https://blog.mozilla.org/ux/2012/06/site-identity-ui-updates/
  <br>or use an extension like this one for better visibility: https://addons.mozilla.org/firefox/addon/safe/
  the warning dialog about submitting data over an insecure channel at a secure site should still be in place...

• NW MI 7.1 has only ABAP stack. what about JAVA stack ?

  Hi,
  Recently i installed NW MI 7.1 EHP1 system. It has only ABAP stack. But for MI configuration i hope we require JAVA stack too.
  Hence can we use some other standalone JAVA system for the MI front end configuration ? If so please tell me what are the usage types are required for that Standalone JAVA.
  Thanks & Regards,
  Bala

  Hi,
  EPC or standard AS Java usage types would be required for MI configuration.
  Suggest you to go through the Master guide at https://service.sap.com/~sapidb/011000358700000391152007E.pdf
  Also more info at http://service.sap.com/instguides ->SAP Netweaver -> Netweaver Mobile 7.1
  Regards,
  Srikishan

• What about javai.lib?

  I have tried to realize the example of the tutorial at http://java.sun.com/docs/books/tutorial/native1.1/invoking/invo.html (Invoking the Java Virtual Machine). But it does't works.
  anyone can tell me what means javai.lib, it's javai.dll or what?
  Where do I can download it eventually?
  I'm working on Win'98 and winNT platforms and my SDK is jdk1.1.3 and jdk 1.1.2 respective.
  thanks

  Are you really working with jdk1.1.3, such an old version? I guess you mean jdk1.3, right? Because, as far as I know the javai.lib does exist in jdk1.1.x.
  Since jdk1.2 the javai.lib (javai.dll) is substituted by jvm.dll which is in jdkx.x/jre/bin/classic or jdkx.x/jre/bin/hotspot in the jdk.
  You have to link against jdkx.x/lib/jvm.lib and set your path variable so that it include the jvm.dll.
  Here is an link that describes the disappearing of javai.lib (dll):
  http://java.sun.com/products/jdk/faq/jni-j2sdk-faq.html#javai
  I hope the things I told are correct, coz I'm also new to JNI.
  Robert

• What about support JavaScript?

  Wow!
  Many thanks for this great App!
  I'm waiting for years!
  So, my question is: what about java support?? sure, its dangerous! any doubts?
  thanks
  Michael
  p.s. hope its the first step for flash on ipad/iphone!

  I had gone through most of that tech note, but hadn't renamed
  the configuration folder - sort of stopped after I couldn't
  uninstall my extensions. So now I did unstall the extensions
  (thanks for that tip!!), which didn't help; then renamed the the
  configuration folder - and voila! it worked. I've done this before
  for a similar problem, guess I should clean out all the old config
  folders out there. Thanks for that. Shows me I must complete the
  tasks given - just didn't quite believe that this was the problem
  being addressed by the tech note.
  Thanks for the help!
  Averill

• Disable Java Security Warning: Allow access to the following application from this web site?

  Dear all,
  When I open web intelligence with BI launchpad, this warning has been shown:
  "The web site is requesting access and control of the Java application shown above. Allow access only if you trust the web site and know that the application is intended to run on this site.
  Allow access to the following application from this web site?"
  and it has just three button of "Yes", "No" and "Help".
  I go to Java Control Panel and Security tab, then set security level on the "Medium" and add my site in the Exception Site List but this warning is shown each time I open web intelligence.
  I have searched the internet very much but I haven't found any solutions for disabling of it. How can I disable this security warning?
  Java version 7 update 67
  windows XP
  SAP BusinessObject BI Platform 4.1 Support Pack 4 Patch 2
  best regards,

  Hello,
  We have the same issue with BI4.1 SP3 FP3.
  Can anyone help us ?
  Nawale.

• What generation of programming language is JAVA

  For C is 3GL.
  Then what about JAVA?
  Thank you

  1.The 1stGL or first-generation language is machine language, strings of 1's and 0's that make the whole system work!
  2.2GL or second-generation language is assembly language. A typical 2GL instruction looks like this: ADD 12,8
  3.3GL or third-generation language is a "high-level" programming language, C or Java. A Java language statements look like this:
       public boolean handleEvent (Event evt) { switch (evt.id) { case Event.ACTION_EVENT:
  { if ("Try me" .equald(evt.arg)) { A compiler converts the statements of a high-level programming language into machine language.
  4.4GL or fourth-generation language is designed to be closer to natural "spoken". A 4GL language statement might look like this: EXTRACT ALL CUSTOMERS WHERE "PREVIOUS PURCHASES" TOTAL MORE THAN $1000 5.5GL or fifth-generation language is programming that uses a visual or graphical development interface to create source language that is usually compiled with a 3GL or 4GL language compiler.

• About Java Security

  Hi...I wrote a simple java class and want to execute it through script. I read about this security stuff to take care of. If I run my java class as a standalone application, there is no problem. But when executing it as an applet, I get huge chunk of errors. Then to debug the errors, I tried running the standalone application with security manager i.e.Run with same security as applet
  java -Djava.security.manager MyClass
  java -Djava.security.debug=help MyClass
  I have a few questions:
  1. If running the application with security manager has no problem does it mean that I will be able to execute the applet without problem? I noticed that though I can resolve the error in standalone application but I am still seeing errors when run as an applet.
  2.Can someone tell me what is the difference between signing a jar file and creating access rights using policy tool? I thought Java Plug-in is meant to ensure uniformity in security deployment so does it mean that creating access rights using policy tool is sufficient? Is there still a need to import certificates into browser?
  A million thanks!

  If you are really running the application with the same security manager as an applet uses, then yes, whatever you can do in the app would work in the applet.
  The signed jar provides a way of securing the jar file so that it can be determined that it comes from a trusted source and that the file hasn't been altered. Using a security policy to allow it to do normally disallowed actions does not provide that kind of security. The plug-in does provide uniformity (given the same JVM version) for many things, so one need not deal with bugs in a browser's built-in JVM (if one exists).
  I would recommend using the signed applet anyway, because to do the security policy thing, the user has to alter it on their system. I don't believe you can just provide it with the applet itself, otherwise that's not a very secure system.

• Security warning popped up in dreamweaver about flash player

  I had the trial version of DW cs4 installed. I purchased CS4 design premium that packages dw, fireworks, flash etc. Last night I instaled it on my computer.
  This morning while working in DW I embedded a YouTube video and received this security warning:
  Adobe Flash Player has stopped a potentially unsafe operation.
  The following local application on your computer or network:
  C:\Users\Videos\index.html is trying to communicate with this Internet-enabled location:
  s.ytimg.com
  To let this application communicate with the internet, click settings. You must restart the appthe application after changing your settings.
  Does anyone know what this means? Should I allow the communication with s.ytiming.com

  This warning is talking about the Flash Global Security Settings Manager. This is not a virus but rather a very common security step related to allowing Flash to connect to the Internet while testing on your local machine. This only occurs during testing on your local machine and does not come into play when that same Flash object is on the Web page on the server.
  The Settings Manger allows you to "approve" connecting to the Internet for a particular Flash object.
  http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.htm l
  So go to the Settings Manager, Click "Edit Locations" or "Add Location" and browse on you computer for the Flash file that you are giving permisssion to connect to the Internet. Each Flash object that attempts to access the Internet will need to be given permission separately.
  Kind of a pain... or just upload your Flash to the server and test from there, then it's not an issue.
  Best wishes,
  Adninjastrator

• What to do about Java?

  I just updated my old iMac(10.7.5), and it included a Java update. What should I do about Java? I have it disabled in Safari and Firefox at the moment for security reasons. So do I leave everything as is or do I need to uninstall java? Help.

  JazzmanJohn wrote:
  So are you saying to ignore the latest update and leave it disabled?
  If it were me I would always keep it up-to-date in case I find some day that I must enable Java to do a critical task. That would not be the time to try and figure out if it's up-to-date or not.
  That being said, there are somewhere between five and eight new vulnerabilities in that latest update.
  To keep track of that watch this site http://java-0day.com periodically.

• HT5246 What about users with Java installed?

  What about users who have Java installed? Do they not need to run this program? Why?

  The flashback malware removal tool is included in the latest security update. If you've downloaded all your updates, it's been installed and if you got no message you had no malware.

• HT3662 What about TOO MUCH SECURITY???

  What about TOO MUCH SECURITY???  I always played the SET puzzle in the New York times, which required the Java plug in.  No problem, until I installed Mountain Lion, which I am beginning to REGRET.  After installing the new OS, the NYT game page required that I install the newest version of Java.  Now I'm completely frozen up when I try to play my puzzle.  Just the stupid Java icon, with the squares circling endlessly around the coffee cup.  It went on for an hour, and I finally gave up.  I have to restart everything before I can use the browser again.  Any suggestions??

  Is playing that game worth the extreme security risk of having Java enabled in your web browser? Are you aware that Java is currently vulnerable, allowing a web site to install malware on your machine without any user interaction required? Further, that has been the case for 25 days (this time), with no fix available yet. And that's just the latest incident... Java has been involved in getting the majority of Mac malware installed over the last year.
  For more information, see:
  Java is vulnerable… Again?!
  http://www.thesafemac.com/tag/java/