Author Topic: JAVA security threat - What about EPC with no JAVA?  (Read 4978 times)

Tomnistuff

  • Full Member
  • Gold
  • *****
  • Canada, Qc, Levis
  • Posts: 947
JAVA security threat - What about EPC with no JAVA?
« on: January 13, 2013, 00:34:45 »
Now that the US Government Dept of Homeland Security has advised everyone to disable JAVA, does anyone know what MB will do to support the Electronic Parts Catalog (EPC)?

Quote from Associated Press:
"The U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks.
The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts."

There are several stories that are being issued by the press.  I'm only smart enough or paranoid enough to delete JAVA but not quite smart enough to really know why.

Tom Kizer
Apparently late 1966 230SL 4-spd manual (Italian Version)
Owned since 1987 and wrapping up a full rotisserie restoration/modernization.
Was: Papyrus White 717G with Turquoise MBtex 112 and Kinderseat
Is: Dark Blue 332G with Dark Blue Leather (5300, I think)

Tomnistuff

  • Full Member
  • Gold
  • *****
  • Canada, Qc, Levis
  • Posts: 947
Re: JAVA security threat - What about EPC with no JAVA?
« Reply #1 on: January 13, 2013, 20:44:30 »
I sent off an email to the people running the EPC - I just logged into EPC and clicked `Contact Us`.  They`ve promised to get back to me within two days.
Tom Kizer
Apparently late 1966 230SL 4-spd manual (Italian Version)
Owned since 1987 and wrapping up a full rotisserie restoration/modernization.
Was: Papyrus White 717G with Turquoise MBtex 112 and Kinderseat
Is: Dark Blue 332G with Dark Blue Leather (5300, I think)

Peter van Es

  • Honorary Member
  • Platinum
  • ******
  • Netherlands, North Holland, Nederhorst Den Berg
  • Posts: 4074
Re: JAVA security threat - What about EPC with no JAVA?
« Reply #2 on: January 16, 2013, 12:12:17 »
If you need Java, they recommend enabling it only for those sites that you trust. For Macintosh owners, an excellent work-around is published here: http://www.tuaw.com/2013/01/11/a-reasonable-response-to-java-security-problems/

Peter (your resident IT expert)
1970 280SL. System Admin of the site. Please do not mail or PM me questions on Pagoda's... I'm not likely to know the answer.  Please post on the forum instead!

Tomnistuff

  • Full Member
  • Gold
  • *****
  • Canada, Qc, Levis
  • Posts: 947
Re: JAVA security threat - What about EPC with no JAVA?
« Reply #3 on: January 16, 2013, 16:45:15 »
...they recommend enabling it only for those sites that you trust...

Peter, referring to my first post, enabling it only for sites I trust is one of those things that I`m not quite smart enough to know how to do.  Is it difficult?  I`m using Mozilla Firefox because it allows me to control cookies easier and has private browsing which, I think keeps me from being watched by advertisers and other thieves.  Of course, I`m probably wrong about that too.  Anyway, I`m not married to Mozilla Firefox, if there is a better browser I can download.

Tom Kizer
Apparently late 1966 230SL 4-spd manual (Italian Version)
Owned since 1987 and wrapping up a full rotisserie restoration/modernization.
Was: Papyrus White 717G with Turquoise MBtex 112 and Kinderseat
Is: Dark Blue 332G with Dark Blue Leather (5300, I think)

jacovdw

  • Guest
Re: JAVA security threat - What about EPC with no JAVA?
« Reply #4 on: January 16, 2013, 18:11:33 »
Tom,

Apparently Oracle has released an update for the Java run-time environment (java 7 update 11) on the 13th to address SOME of the issues.
With the older versions of the JRE (java run-time environment) you would find a plug-in in the Firefox browser, which is now absent with update 11.

I'm using Firefox as well (version 18.0) and with the updated JRE have successfully used the EPC last night as a test.
Whether the security is as better as they claim it to be remains to be seen.

On the other hand, would our computers/browsers/operating systems ever be 100% safe?

Tomnistuff

  • Full Member
  • Gold
  • *****
  • Canada, Qc, Levis
  • Posts: 947
Re: JAVA security threat - What about EPC with no JAVA?
« Reply #5 on: January 17, 2013, 19:06:41 »
I am still waiting for MB (EPC people) to reply to my inquiry about JAVA, but here`s what I`ve done so far.
1.  Deleted JAVA 6.0
2.  Downloaded and installed JAVA 7,0 version 11
3.  Upgraded to Mozilla Firefox 18
4.  Disabled JAVA in the JAVA Control Panel except when I want to use the EPC (Search JAVA in the Windows Control Panel then click on the JAVA Icon that pops up  to open the JAVA Control Panel, then click on the Security tab to find the little box at the top of the window to enable and disable JAVA).
5.  Wrote myself a sticky note to remind me to enable JAVA in the Control Panel when I want to use EPC then disable it when I`m done.

I also verified that EPC does not work when JAVA is disabled and does work when JAVA is enabled in this fashion.

I don`t know if this is any better than just crossing my fingers, but at least I feel more secure.  I hope to get a MB answer soon.

Peter and Jacovdw, thanks for the advice.

Tom Kizer

Apparently late 1966 230SL 4-spd manual (Italian Version)
Owned since 1987 and wrapping up a full rotisserie restoration/modernization.
Was: Papyrus White 717G with Turquoise MBtex 112 and Kinderseat
Is: Dark Blue 332G with Dark Blue Leather (5300, I think)

jacovdw

  • Guest
Re: JAVA security threat - What about EPC with no JAVA?
« Reply #6 on: January 18, 2013, 13:47:44 »
Tom,

What you have done pretty much sums up the whole process.
Don't think that there is much else to do about the whole thing.

I guess we have to wait and see when Oracle provides the necessary patches/updates to fix ALL the alleged loopholes.

Would be interesting to hear what MB has to say about the whole thing, assuming they are aware of the security problems...

On a side note, here is some information from Oracle for those that are interested:

http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html

« Last Edit: January 18, 2013, 13:55:10 by jacovdw »