I am betting you intentionally skip over the hidden tidbit in his question.

“If a user gets a message from the Java updater, should they accept it…”

What kind of user can install a Java update? ☺


From: Ziots, Edward [mailto:[email protected]]
Sent: Friday, September 07, 2012 11:54 AM
To: NT System Admin Issues
Subject: RE: Java vulnerability Q

I would semi-trust the Java updaters, but honestly, I would be pushing Java 7 
version 7 if you have a centralized platform for software updates. And if you 
don’t need Java on your systems for functionality, remove it altogether.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]

From: David Lum [mailto:[email protected]]
Sent: Friday, September 07, 2012 11:37 AM
To: NT System Admin Issues
Subject: RE: Java vulnerability Q

Thanks. If a user gets a message from the Java updater, should they accept it 
if it’s verified from Oracle, or is that potentially an exploit?

From: Ziots, Edward [mailto:[email protected]]
Sent: Friday, September 07, 2012 8:31 AM
To: NT System Admin Issues
Subject: RE: Java vulnerability Q

Most times it’s a keylogger or other malicious code downloaded from multiple 
sources that will hook processes, inject into other processes (legit) and try to 
remain persistent.

If you can, disable Java invocation in the Internet Zone, which will stop the 
drive-bys for the time being.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]

From: Kennedy, Jim [mailto:[email protected]]
Sent: Friday, September 07, 2012 11:14 AM
To: NT System Admin Issues
Subject: RE: Java vulnerability Q

The exploit is used to drop code on the target. That is how most of the 
exploits that you hear about are used.  It isn’t that I use Java to get your 
password….I use Java to drop a keylogger on your box to get your password…for 
example.

So you are looking for what they dropped.


From: David Lum [mailto:[email protected]]
Sent: Friday, September 07, 2012 11:09 AM
To: NT System Admin Issues
Subject: Java vulnerability Q

If a system has been compromised by the latest Java exploit – how would someone 
know? What would you look for?
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
