Is Linux vulnerable to Java drive-by exploits? Another computer I run on windows 7 just notified me that it was infected through Java, and I'm wondering if my Linux box (ubuntu 10) with Java installed is vulnerable.
View 1 RepliesRecently I had a Java exploit on Windows. Luckily Microsoft Security Essentials identified and removed it. Such things can happen on Linux as well, from what I've heard. Why does Linux offer no such detection?
View 14 Replies View RelatedI've heard of attacks using PDF files on Windows with Adobe Acrobat and Foxit Reader. Is Linux vulnerable to these attacks when using the default PDF viewers in KDE or Gnome or even xpdf? What is a good PDF scanner to determine if a PDF file is evil?
View 2 Replies View RelatedI've just installed java (jre-6u21-linux-i586.bin) on Red Hat 4.4 AS and issued this command to check the java version: java -versionand got :bash :java: command not found
View 4 Replies View RelatedMy laptop is beginning to show its age so it may be time for a new PC soon, and most likely it'll come with Windows 7 preloaded. I currently run a dual boot with Lucid and Windows XP, and although I hardly use XP anymore I would repeat this configuration on the new PC. So now I'm wondering if Windows 7 is any less vulnerable to viruses and malware than its earlier predecessors because I don't plan to renew any virus checking software that may come with it.
View 9 Replies View RelatedI recently re0instralled and update ubuntu 10.04 LTS. After installing and running debsecan, I found ALOT of problems. Does anyone have experiance with this tool?
View 2 Replies View RelatedI installed lampserver and took measures to see that apache would only serve 127.0.0.1 (Which appears to be a software switch as ipconfig says it's port is still "Open")
Mysql however, could be vulnerable: Do I need to secure it or does it only serve localhost? If so, how do I secure it?
Does anyone know any common apache 2.2 exploits and how to stop them? I am setting up a web server and want it to be secure as possible. I currently have a basic lamp server on a ubuntu server.
View 1 Replies View RelatedI have been reading about this new Firefox extension that can grab Twitter account information of computers connected to unprotected networks. Info: url
I occasionally have to connect to public, unprotected, WiFi networks and use Twitter via Gwibber. So, here is my question: is Gwibber vulnerable to Firesheep in an unprotected network? Is there a way of protecting it from this attacks? (I know that using https stops Firesheep attacks to the web version of Gwibber, but i don't think if this method is possible or applicable to Gwibber)
When there is an exploit in the kernal, can the iptables firewall get bypass? If yes,how do you know? Otherwise how can you find out.
View 9 Replies View RelatedI have some questions about security
1> are the flash exploits are of any use to a Linux operating system like Ubuntu etc. ?
2>are the Microsoft office exploits any risk to libreoffice or open-office software suites?
3>are there exploits for Linux , open-office and libreoffice ?
A few days ago I installed F12 and it was working fine very well up until today when I booted my computer from a perfect working order state yesterday to this. Well my wireless was still being sniffed and slowed down to dial up speed but what's new thats been consistant for at least 3 months I can't really do much about it since my brother doesn't like changing the password.
I recently logged onto my new fedora 12, 64-bit, system encrypted (all partitions effected by install), selinux enforced install to find myself in tty4 and some "other" users logged on to the other terminals. My folders would have lock icons on them after opening, my notication menu/toolbar crashed and hasn't returned on system reboot, some data transfers between removable storage returned input output errors while others worked fine(?). I also recieved this kernel bug output from the bug reporting tool but I have no idea what it means.
Also I was not loose with the security either I had removed unconfined login types (After setting up the system as I needed) meaning I couldn't even run root or sudo and neither could anyone else (asfar as I was aware). I pretty much increased selinux to its maximum boolean strictness and limited the _default_(Me included) account to a user from a _default_ unconfined (to actually be able to log in with the selinux boolean in place). Meaning they "the exploiters" were able to bypass selinux as a user account? How is that possible and even if you do root logon is disabled by selinux too?
At the moment I'm on a live cd trying to look for a way to custimise them as it seems it may be my only option.
Just a side note you can't just log in to tty4 by default without actively taking up spaces either by other users or your own use. Meaning since the tty login is automated 3 terminals were in use tty1, tty2 and tty3.
Which commands should I run to find out what is being done?
Edit: Just had my F12 x64 live cd taken down twice and had to hard reset as the toolbar disappeared. Took a photo of the last error message. I was just reading a pdf and using firefox at the time.
Is fedora usually this easy to hack?
Java is installed in linux machine and when I enter the command java -version it shows java is not found.At the same time when i run from the folder where its installed with ./java -version it works.
first of all why its not working from any other place? also why do I need to give ./ from the folder?
Do Windows XP, Vista, Windows 7 and all Linux distributions have Java JRE installed so end-users don't have to install it to run Java applications?
View 4 Replies View RelatedIn the wake of all of the stories about the Windows DLL hijacking bug, it appears that certain Linux distributions may be vulnerable to a similar problem related to the way that Linux handles a specific variable in some cases. The bug apparently was introduced via a Debian patch last year.The discussion on the possible bug in Linux began with a blog post by Tim Brown, a UK-based security researcher, who detailed a specific case in which Linux could be vulnerable to an attack similar to those designed to exploit the Windows DLL bug. The post spawned a related discussion on the Full-Disclosure mailing list, in which several others confirmed that they'd seen the problematic behavior in certain Linux distributions, including Fedora, Ubuntu and Debian.
View 1 Replies View RelatedI have set logwatch to report daily the logs, somehow since last week i get below message. A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):
/cgi-bin/blocked.cgi?clientaddr=192.168.1.108&clientname=&clientident=&clientgroup=limitedaccess&targetclass= untrusted&url=http://adfarm.mediaplex.com/ad/fm/9608-84171-8772-2?
[code]...
I refrained from posting this in the Kernel Vulns thread earlier, due to its zero-day status. But now that the issue has been Slashdotted, there's no use in keeping us from publicly discussing this vulnerability. The link to the article (from which I quote below) is here. Brad Spengler's original announcement on the Dailydave mailing list is here.Quote:A researcher has published exploit code for a new vulnerability he discovered in the Linux kernel. The vulnerability is an especially interesting one in that the researcher who discovered it, Brad Spengler, has demonstrated that he can use the weakness to defeat many of the add-on security protections offered by SELinux and AppArmor.
View 9 Replies View RelatedCentOS using yum to update Exim. Exim is configured to not allow remote connections using the local_interfaces config option.My old version was 4.63-5.el5_5.2 and after using:
yum update exim
I'd like to set up a fileserver for myself and a few trusted individuals. I'm computer savvy and I use various linux servers frequently for work, but this is my first time trying to setup my own. Is it possible to have a Samba server setup so it is both secure and facing the Internet? Two questions:
Will opening Samba ports make my default Ubuntu server particularly vulnerable to penetration? More than having an SSH server running? Does Samba/ can Samba be configured to encrypt traffic or is it sent plainly? If so, does Windows and Mac support this secure communication?
If not, what would you suggest? I'd like to achieve something like a network drive and at a difficulty level that my parents could use this if they really wanted to. I will be storing things like financial information and tax returns, but no weapons-grade secrets.
I used Avast webfilter (proxied webtraffic through Avast) when running Windows. Sometimes Avast would alert and "protect" me from being infected by a compromised website. NOTE: Avast would alert even absent clicking any links. Just viewing the page could result in infection. Should I be running some kind of proxy webfilter for protection? My understanding is that Firefox can be compromised and this can in turn compromise Ubuntu.Are these kinds of threats specific to Windows running Firefox, or Firefox per se. If Firefox per se it seems like I need some sort of Proxy webfiltering like Avast provides.
View 9 Replies View RelatedI'm just curious as to what security measure's I should be taking to make my box a little less vulnerable? I'm still experimenting/playing with Linux, use the net, IM, download this and that and was wondering how secure fedora 10 was out of the box?
View 12 Replies View RelatedIf you are interested, Java SE 6 Update 24 is available. The Check Java Version link in my signature will tell you if you are up to date or not. The Update Java Version link in my signature will tell you how to obtain and install the latest version. The 32 bit version install directions are on the left side of that page and the 64 bit instructions are on the right side.
Just remember to remove the current version before installing the new one as it says in the instructions. The remove instructions are below the install instructions. Also, in Step 9 - "Now you'll want to tell the system, that there's a new Java version available." See the note below it that says if you get an error upon entering the command once, enter it a second time. I have to do that and sometimes forget. Just thought I would mention that. These instructions are already setup for version 6 update 24, but they can be modified for any update and they will work. I have been using these instructions for a couple of years and they work.
How to install java and firefox java plugin on Ubuntu 10.10?
View 2 Replies View RelatedI try to install the java plugin but the java test pages show not installed. I have tried the openjdk-6-jdk package and the Oracle/Sun 1.6.0_26 version to no avail.
Is there some good instructions page someplace? I have yet to find a set of instructions that provides something clear that works.
Code: ~ $ /usr/java/jre1.6.0_25/bin/java -showversion Error occurred during initialization of VMjava/lang/NoClassDefFoundError: java/lang/Object
That's the error I get. When trying to run a java app with the firefox plugin, the browser simply crashes if it's the 64bit java or tells me it's not installed if it's the 32bit version.
I'm at a loss as to what to do. I think it has something to do with leftover gunk from a previous version I misinstalled(Is that even a word?) Anyway, the only thing that google could come up with was a solution for windows which laid blame on Bill Gates for having a bunch of pf (java prefetch) files stuffed into c:windows for no apparent reason. The solution was to delete them, but I can't seem to find the java prefetch folder in linux. The method I used is downloading the rpm from java.com the rpm2tgz then installpkg then cp libnpjp2.so to firefox plugins folder.
This is my first post and I'm pretty new on Debian. I had used Ubunu for a while now and I've decided to move on Debian Squeeze.But I've one problem: I've a Java programm to install and the installer is GUI Java based. When I run the script, I've the next message:
Preparing to install. Extracting the JRE from the installer archive.Unpacking the JRE.Extracting the installation resources from the installer archive.Configuring the installer for this system's environment.Launching installer Graphical installers are not supported by the VM. The console mode will be used instead. Preparing CONSOLE Mode Installation. But this program is not able to run the installation in console mode.
I've tried to install sun-java6-jre but without success.Has anyone an idea to help me install this programm? My Configuration: Debian Squeeze 6.0 amd64.
After upgrading java (jre) to 1.6.0_19, the java plugin no longer loads into Firefox. All the rest of my plugins from /usr/lib/mozilla/plugins/ load fine.Java can be a pain such a pain the neck!
View 8 Replies View RelatedI have installed CENTOS / PHP 5.1.6 / JAVA 1.5.0_20. Now i want to install JAVABRIDGE for PHP and JAVA title should list in the PHP_info page.
View 1 Replies View RelatedIf I want to install Java on Ubuntu: which Java version should I take?
OpenJDK or Sun Java ?
What is mostly used on Ubuntu?
What are the pros and cons?
I would like to install JRE-6u25 on ubuntu.
When I go on the website I see only RPM and another download called:
linux self extracting. The file name for this one is: JRE-6u25-linux-i586.bin
It says to restart the browser after install.
I want to install java to play minecraft. I'm having some speed issues using openJDK.
Would the self extracting file work for minecraft standalone? (I tried playing in a browser without success).
Is using the self extracting file the same as using say the RPM?