Re: [Fed-Talk] JAVA RELATED ISSUES
Re: [Fed-Talk] JAVA RELATED ISSUES
- Subject: Re: [Fed-Talk] JAVA RELATED ISSUES
- From: Todd Heberlein <email@hidden>
- Date: Sun, 13 Jan 2013 20:10:57 -0800
Fewer Java drive-by attacks?
Security Alert for CVE-2013-0422 Released
https://blogs.oracle.com/security/entry/security_alert_for_cve_2013
> With this Security Alert, and in addition to the fixes for CVE-2013-0422 and CVE-2012-3174, Oracle is switching Java security settings to “high” by default. The high security setting requires users to expressly authorize the execution of applets which are either unsigned or are self-signed. As a result, unsuspecting users visiting malicious web sites will be notified before an applet is run and will gain the ability to deny the execution of the potentially malicious applet.
A little better I guess. Signed code will still run automatically apparently.
Todd
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden