Maybe online banking with banks that require Java is just not for you
Security researchers have spotted a surge in attacks against online banking customers, thanks to a new strain of Java-exploiting Trojan Caphaw (aka Shylock). Over the last month or so the malware has targeted customers in at least 24 financial institutions, including Bank of Scotland, Barclays Bank, First Direct, Santander …
Bl00dy Minecraft. A horribly, blocky, ****y pile of total and utter ****. And they add injury to insult by doing it in f***ing Java.
Writing minecraft in Java was a bit like making car from twigs. Technically it is impressive feat of endurance and determination, but the resultant product is still a misbegotten load of old rubbish.
Most people do not need Java, the safest thing is to deinstall it. If you're a techy then there's a good chance that you might need it from time-to-time, but you always help to mitigate against threats with Firefox + NoScript.
Keeping Java up-to-date is essential but also futile. There's usually an unpatched vulnerability in it. It really is a heap of crap.
It will hit the IT-literate harder: In any work environment there will be some kind of enterprise (like the starship, flaky, prone to exploits/explosion or ejecting cores) software that requires java and must be used - Or Else!
The IT-literates blood pressure will be elevated more by this than the IT-illiterates.
This post has been deleted by its author
I would be far happier upgrading Java if it wasn't that each time I have to remember to un-select Ask.com and then spend days trying to remove the mess it makes of my browsers.
I didn't realize Larry was so hard up that he still needed the $4.50 he got for every install of this little bugger
Minecraft DOES require Java, but does not require it to be installed in your browser. I have the Java plugin for Firefox disabled and Minecraft runs quite happily outside under the 64-bit JVM. The plugin only gets enabled on the rare occasions I run browser-based Java apps (for molecular biology).
Why the hell doesn't the pseudo random domain name generation make it easy for law enforcement? Once you have the virus, you know all the command and control domains it will ever use. You can contact the registrars with the list, and tell them to forward any requests for those domains to law enforcement who can then attempt a sting.
You could also offer a public blacklist for firewalls and DNS servers to use.
What a retarded article, for an obsolete version of Java!
The only JRE which should be installed on a machine and registered as a browser plugin currently is for Java 1.7, if you are running an older version (1.6 or earlier), because you ignored the JRE updater prompts, then complain when you get owned; you are a moron! If you run OS-X and Apple don't do timely update releases, blame Apple; same for other poorly supported OS.
If any website requiring client side Java, including an intranet site, won't run with Java 1.7, flame the retarded owners, and blacklist it until it can. Website owners who require client side Java should ideally host only Java 1.7 compiled code, to force users to upgrade from unsafe versions.
I am a Java developer who has to support Java 1.5 and 1.6, due to lazy software houses and cheap customers; however I only have the SDK installed for these, /never/ the JREs; the later would be retarded!
I have had a Java browser plugin installed for many years, but keep it up-to-date (1.7.0_40), so never get hit, and have never had issues with web sites using client hosted Java; so I regard Java slammers as trolls.
A minor correction. The 64 bit version of Java has never had an automatic updater to notify the user of available upgrades. Users have to manually download and install the update. Simple but Tedious I'm shure and apparently too much for most. Another Oracle FAIL.
Biting the hand that feeds IT © 1998–2021