
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-01-22



Remove old JRE!

Published: 2007-01-22
Last Updated: 2007-01-27 23:38:38 UTC
by Adrien de Beaupre (Version: 2)

As new versions of the Sun Java JRE keep coming out to address security vulnerabilities, do NOT forget to remove the old versions. You may be running Java code in your applications that absolutely requires a specific version of the JRE to run; in that case update the applications, then update the JRE, and then remove the old JRE versions. Why? Because a Java applet can request which version of the JRE it wishes to use, that's why.


UPDATE 26/01/2007

Readers Jim and John both wrote in to let us know that since 1.5.0_06 Sun has changed the way applets and applications can specify the Java version to run.

More information here.

And here.

How to.

Corporate silent install/uninstall (Thanks Andrew!)

Active Directory Deployment.

BTW: "The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system" was released today. Either permanently disable Java AND JScript in your browser(s) or keep as close an eye on JRE versions as you do on Microsoft Windows patches.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1

Cheers, Adrien de Beaupré

The US-CERT info linked to in the Diary says:

Systems Affected
Sun Java Runtime Environment versions:
a. JDK and JRE 5.0 Update 9 and earlier
b. SDK and JRE 1.4.2_12 and earlier
c. SDK and JRE 1.3.1_18 and earlier

Update at:
http://java.com/en/download/index.jsp

BSSI/Cinnabar
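One way to turn the advice above into a check, as an added example that is not part of the original diary: it parses Sun-style version strings, compares them with the US-CERT list quoted above, and marks every JRE other than the newest on a host for removal. The host names and inventory are constructed, and reading "and earlier" as covering older micro releases of the same line is an assumption.

```python
import re

# Highest affected (micro, update) per release line, from the US-CERT list
# quoted above. "5.0 Update 9" is version string 1.5.0_09 in Sun's numbering.
# Assumption: "and earlier" covers older micro releases of the same line.
AFFECTED_MAX = {(1, 5): (0, 9), (1, 4): (2, 12), (1, 3): (1, 18)}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-\w+)?$")


def parse_version(text):
    """Parse '1.5.0_09' into (1, 5, 0, 9); return None if unrecognised."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())


def is_affected(text):
    """True/False against the quoted list, None when the string is unparseable."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    limit = AFFECTED_MAX.get(parsed[:2])
    return limit is not None and parsed[2:] <= limit


def audit_host(versions):
    """Keep only the newest JRE; everything older is a removal candidate."""
    parsed = {v: parse_version(v) for v in versions}
    known = [v for v in versions if parsed[v] is not None]
    newest = max(known, key=parsed.get, default=None)
    return {
        "keep": newest,
        "remove": sorted(v for v in known if v != newest),
        "update_first": newest is not None and is_affected(newest),
        "review": [v for v in versions if parsed[v] is None],
    }


# Constructed inventory (hypothetical host names and version lists).
INVENTORY = {
    "ws-014": ["1.4.2_08", "1.5.0_06", "1.5.0_10"],
    "ws-022": ["1.3.1_18", "1.4.2_12"],
    "ws-047": ["1.5.0_09", "java-unknown"],
}

if __name__ == "__main__":
    for host, versions in INVENTORY.items():
        print(host, audit_host(versions))
```

A `False` from `is_affected` only means the version is outside the three ranges quoted above, not that it is free of other vulnerabilities.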


My CERT/SIRT...

Published: 2007-01-22
Last Updated: 2007-01-23 16:22:06 UTC
by Adrien de Beaupre (Version: 1)

We probably all know the situation. It is when we reach out for help, to share information, or just to chat. At the other end you don't get that warm cosy feeling. Your National/Organizational/Local CERT/SIRT/CSIRT... doesn't appear to care or have time for you. They are supposed to support the constituency you represent, except that there seems to be a discrepancy between how you perceive it and how they do. What to do?

Option 1: Completely ignore them. Stop sending any incident data, stop answering their calls. You know it isn't the best way to behave but you don't feel you have a choice.

Option 2: Smile and nod. Slowly stop sending them any data, but politely answer their calls.

Option 3: Grin and bear it. Not the most fun option. Although you might not receive anything of perceived value in return you still feed data and hope for a better day.

You actually do have a choice, and I urge you to use it. Always voice your concerns to your local, organizational, association, national and law enforcement representation. They might not always immediately pay you back, but I do believe that good turns do pay back dividends.

Serge Responds:
I saw your diary entry about "Your National/Organizational/Local
CERT/SIRT/CSIRT" and feel this is only half the truth.

We operate a CERT for the Swiss Universities and for the government program MELANI (www.melani.admin.ch). In the latter function we are the Swiss national CERT.
In that function we often get requests from organizations that charge money for their services. Many of these requests could be solved without our involvement. Having us look after this incident essentially means the requester has given us his homework to do, diverting our resources away from other important work. Usually we reply saying we are happy to help, if their attempts to fix the problem failed. Most of the time, having helped, we don't even get an acknowledgment and much less a "Thank you".

At other times we get rather rude (automated?) requests "To fix this", but never get a reply when asking back what it is that we should fix.

It always takes two to tango. We are happy to help if we can and feel the request is something where we can make a difference. We have a hard time reacting when we feel someone else is outsourcing his work to us, of course free of charge. That's a message you should get out too.

Sincerely
Serge Droz

 

Cheers, Adrien.
