Java: Disable your browser plug-in and update for safety.
Forum rules
Questions about Ren'Py should go in the Ren'Py Questions and Announcements forum.
Questions about Ren'Py should go in the Ren'Py Questions and Announcements forum.
- Blane Doyle
- Miko-Class Veteran
- Posts: 809
- Joined: Mon Dec 21, 2009 10:00 am
- Organization: Autumn Eclectic
- Location: Mountains
- Contact:
Java: Disable your browser plug-in and update for safety.
EDIT: SECURITY FIX UPDATE AVAILABLE.
http://news.cnet.com/8301-1009_3-575637 ... erability/
You can also simply download it from the main site.
Java screwed up.
Short version: As RenPy kinda needs Java for some people, uninstalling it may be a bit extreme so disable it in your browsers. All of them. Now. SERIOUSLY.
Long version: Java screwed up and now it has a massive security flaw. Just typing Java into Google will pull up the full story, but basically? The GOVERNMENT is telling users to disable or uninstall Java. Like right now. Not only on PCs but on Macs too.
Why?
Hackers know about this flaw and they are having a field day extravaganza.
Now if you have an older version of Java (why tho?) you might be safe. But just to be on the safe side, either go directly into Java or your browser settings and just disable it right now for your computer's safety.
I've disallowed temp internet files directly through my Java and I disabled the plug in through Chrome (chrome://plugins). Just in case.
Cause I am paranoid.
https://krebsonsecurity.com/how-to-unpl ... e-browser/
You might want to follow these instructions. Just to be careful.
http://news.cnet.com/8301-1009_3-575637 ... erability/
You can also simply download it from the main site.
Java screwed up.
Short version: As RenPy kinda needs Java for some people, uninstalling it may be a bit extreme so disable it in your browsers. All of them. Now. SERIOUSLY.
Long version: Java screwed up and now it has a massive security flaw. Just typing Java into Google will pull up the full story, but basically? The GOVERNMENT is telling users to disable or uninstall Java. Like right now. Not only on PCs but on Macs too.
Why?
Hackers know about this flaw and they are having a field day extravaganza.
Now if you have an older version of Java (why tho?) you might be safe. But just to be on the safe side, either go directly into Java or your browser settings and just disable it right now for your computer's safety.
I've disallowed temp internet files directly through my Java and I disabled the plug in through Chrome (chrome://plugins). Just in case.
Cause I am paranoid.
https://krebsonsecurity.com/how-to-unpl ... e-browser/
You might want to follow these instructions. Just to be careful.
Last edited by Blane Doyle on Sun Jan 13, 2013 9:58 pm, edited 1 time in total.
-
- Forum Founder
- Posts: 2005
- Joined: Sat Jan 25, 2003 2:32 pm
- Completed: ToL, Shoujo Attack!, Lemma Ten
- Projects: [RETIRED FROM FORUM ADMINISTRATION - CONTACT PYTOM WITH ISSUES]
- Contact:
Re: Java: Disable it. Just do it. Now.
I just went ahead and uninstalled it on one of my computers. It was always bugging me to update and then failing to update anyway. Very annoying.
Of course, I forgot I was using jEdit... ^_^; So now I'm using Editra or whatever that new thing Ren'Py is hooked up to now is.
Of course, I forgot I was using jEdit... ^_^; So now I'm using Editra or whatever that new thing Ren'Py is hooked up to now is.
“Among those who dislike oppression are many who like to oppress.”
- Napoleon Bonaparte
I've retired from forum administration. I do not add people to the "adult" group, deactivate accounts, nor any other administrative task. Please direct admin/mod issues to PyTom or the other mods : )
- Napoleon Bonaparte
I've retired from forum administration. I do not add people to the "adult" group, deactivate accounts, nor any other administrative task. Please direct admin/mod issues to PyTom or the other mods : )
- Blane Doyle
- Miko-Class Veteran
- Posts: 809
- Joined: Mon Dec 21, 2009 10:00 am
- Organization: Autumn Eclectic
- Location: Mountains
- Contact:
Re: Java: Disable it. Just do it. Now.
I am leaving mine installed (I don't have the NEWEST update, but I am up to date to this point and afraid to try now), but only because disabling it in your browser will apparently make most of the danger diminish.
I also also turned my (previously disabled) ad blocker onto max and disabled JavaScript for anything but YouTube for now because... paranoid. Again. (I know JavaScript is not the same as Java the program, paranoia does not use logic.)
I also also turned my (previously disabled) ad blocker onto max and disabled JavaScript for anything but YouTube for now because... paranoid. Again. (I know JavaScript is not the same as Java the program, paranoia does not use logic.)
- Hijiri
- Eileen-Class Veteran
- Posts: 1519
- Joined: Sun Mar 25, 2012 6:35 pm
- Completed: Death Rule:lost code Overdrive Edition, Where the White Doves Rest-Tsumihanseishi
- Projects: Death Rule: Killing System
- Organization: MESI Games
- IRC Nick: Hizi
- Tumblr: mesigames
- Skype: kurotezuka
- itch: hijiri
- Location: Los Angeles
- Contact:
Re: Java: Disable it. Just do it. Now.
On the downside, you're now running a crippled brower. Sad to say, much of the internet is dependent on Java, from the looks of things.
-
- Forum Founder
- Posts: 2005
- Joined: Sat Jan 25, 2003 2:32 pm
- Completed: ToL, Shoujo Attack!, Lemma Ten
- Projects: [RETIRED FROM FORUM ADMINISTRATION - CONTACT PYTOM WITH ISSUES]
- Contact:
Re: Java: Disable it. Just do it. Now.
@Hijiri: If I'm not mistaken, most of the uses of Java are on the server side, not client side. I remember when Java first came out and there was all that hype about Java OSes and applets running in browsers. Those didn't really pan out, though.
Does anyone know of anything major you'd reach by browser that relies on Java (not JavaScript)?
Does anyone know of anything major you'd reach by browser that relies on Java (not JavaScript)?
“Among those who dislike oppression are many who like to oppress.”
- Napoleon Bonaparte
I've retired from forum administration. I do not add people to the "adult" group, deactivate accounts, nor any other administrative task. Please direct admin/mod issues to PyTom or the other mods : )
- Napoleon Bonaparte
I've retired from forum administration. I do not add people to the "adult" group, deactivate accounts, nor any other administrative task. Please direct admin/mod issues to PyTom or the other mods : )
- Blane Doyle
- Miko-Class Veteran
- Posts: 809
- Joined: Mon Dec 21, 2009 10:00 am
- Organization: Autumn Eclectic
- Location: Mountains
- Contact:
Re: Java: Disable it. Just do it. Now.
Yeah, I may have overreacted. JavaScript itself apparently has nothing to do with this. That's back on (mostly because, you know, I actually need to access Google Reader and other stuff).
Java the Program itself is what has been hit, and most stuff (that I use and know of) on the net doesn't need it (except weather websites apparently, and porn sites of course. I know there are games that require Java but I doubt they'll get hit that hard, and there are also some chat clients that require it). Nothing I normally use requires it, it seems. I can literally go about my life without Java for a while until they fix this.
Basically, if you disable it in your browser and check a site that needs it (for example, the official Java test page) and it says you need it? You're safe. At least, the probably 15 articles I have read say you are.
Java the Program itself is what has been hit, and most stuff (that I use and know of) on the net doesn't need it (except weather websites apparently, and porn sites of course. I know there are games that require Java but I doubt they'll get hit that hard, and there are also some chat clients that require it). Nothing I normally use requires it, it seems. I can literally go about my life without Java for a while until they fix this.
Basically, if you disable it in your browser and check a site that needs it (for example, the official Java test page) and it says you need it? You're safe. At least, the probably 15 articles I have read say you are.
- Reikun
- Miko-Class Veteran
- Posts: 565
- Joined: Tue Dec 20, 2011 9:57 pm
- Completed: Mnemonic Devices, Ciikos Bridge, Helena's Flowers, The Madness
- Projects: Fox in the Hollyhocks
- Organization: skyharborr
- itch: skyharborr
- Contact:
Re: Java: Disable it. Just do it. Now.
You can read the US Government warning on the issue here: http://www.us-cert.gov/cas/techalerts/TA13-010A.html
And don't forget to back up your games!
This seems to be the main method of "attack" according to the source. I know next to nothing about the actual code behind Java so I'm not sure if someone would be able to hack your system from existing java applets/applications. Better safe than sorry I guess?US-CERT wrote:By convincing a user to load a malicious Java applet or Java Network Launching Protocol (JNLP) file, an attacker could execute arbitrary code on a vulnerable system with the privileges of the Java plug-in process.
And don't forget to back up your games!
- Sapphi
- Eileen-Class Veteran
- Posts: 1685
- Joined: Fri Jun 05, 2009 3:31 am
- Completed: Boku no Taisetsu na Yumeko
- Projects: Twelve, PAW ★ PRINTS
- Organization: Kitsch-soft
- Location: Illinois, USA
- Contact:
Re: Java: Disable it. Just do it. Now.
I don't know why I still have Java 6... I think it's because every time that annoying thing pops up like "Update me, update me!" I'm like "Grahh, you're annoying, close now!" Anyway, I disabled it, just to be safe. Thanks for the heads-up!Blane Doyle wrote: Now if you have an older version of Java (why tho?) you might be safe.
- PyTom
- Ren'Py Creator
- Posts: 16096
- Joined: Mon Feb 02, 2004 10:58 am
- Completed: Moonlight Walks
- Projects: Ren'Py
- IRC Nick: renpytom
- Github: renpytom
- itch: renpytom
- Location: Kings Park, NY
- Contact:
Re: Java: Disable it. Just do it. Now.
The risk of something like this is why I've been trying to get people on Editra. Too late.
(Everyone, disable java applets.)
(Everyone, disable java applets.)
Supporting creators since 2004
(When was the last time you backed up your game?)
"Do good work." - Virgil Ivan "Gus" Grissom(When was the last time you backed up your game?)
Software > Drama • https://www.patreon.com/renpytom
Re: Java: Disable it. Just do it. Now.
Luckily I do not use Java.
This might be answering my own question too, but if I do not see anything Java related as an extension or plugin for Firefox, I'm safe. Correct?
I once installed Java to use jEdit but after jEdit STILL didnt work after installing Java, I uninstalled it. That said, I am safe since the installer EXE is the only trace of Java I can visibly find on my computer, yes?
This might be answering my own question too, but if I do not see anything Java related as an extension or plugin for Firefox, I'm safe. Correct?
I once installed Java to use jEdit but after jEdit STILL didnt work after installing Java, I uninstalled it. That said, I am safe since the installer EXE is the only trace of Java I can visibly find on my computer, yes?
-
- mugenjohncel
- Hentai Poofter
- Posts: 2121
- Joined: Sat Feb 04, 2006 11:13 pm
- Organization: Studio Mugenjohncel
- Location: Philippines
- Contact:
Re: Java: Disable it. Just do it. Now.
But... but... I can't get Editra or any of the Text editor to work on Ren'py 6.14PyTom wrote:this is why I've been trying to get people on Editra
I'm practically stuck on 6.13 (and will be for a very long time) and heavily dependent on JEdit to get anything done because it's the only thing that works on my Ren'py machine...
Guess I'll just work on a computer that is not connected to the internet...
"POOF" (Disappears)
- PyTom
- Ren'Py Creator
- Posts: 16096
- Joined: Mon Feb 02, 2004 10:58 am
- Completed: Moonlight Walks
- Projects: Ren'Py
- IRC Nick: renpytom
- Github: renpytom
- itch: renpytom
- Location: Kings Park, NY
- Contact:
Re: Java: Disable it. Just do it. Now.
You can also just turn off java applets.
CERT wrote: Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. From Setting the Security Level of the Java Client:
For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab.
If you are unable to update to Java 7 Update 10 please see the solution section of Vulnerability Note VU#636312 for instructions on how to disable Java on a per-browser basis.
Supporting creators since 2004
(When was the last time you backed up your game?)
"Do good work." - Virgil Ivan "Gus" Grissom(When was the last time you backed up your game?)
Software > Drama • https://www.patreon.com/renpytom
-
- Forum Founder
- Posts: 2005
- Joined: Sat Jan 25, 2003 2:32 pm
- Completed: ToL, Shoujo Attack!, Lemma Ten
- Projects: [RETIRED FROM FORUM ADMINISTRATION - CONTACT PYTOM WITH ISSUES]
- Contact:
Re: Java: Disable it. Just do it. Now.
@mugen: I had errors with Editra from Ren'Py at first too. I just tried it a couple more times and it suddenly worked :p
I liked jEdit, though... It's ironic because one of the whole selling points of Java originally was that it was supposed to be more secure!
I liked jEdit, though... It's ironic because one of the whole selling points of Java originally was that it was supposed to be more secure!
“Among those who dislike oppression are many who like to oppress.”
- Napoleon Bonaparte
I've retired from forum administration. I do not add people to the "adult" group, deactivate accounts, nor any other administrative task. Please direct admin/mod issues to PyTom or the other mods : )
- Napoleon Bonaparte
I've retired from forum administration. I do not add people to the "adult" group, deactivate accounts, nor any other administrative task. Please direct admin/mod issues to PyTom or the other mods : )
-
- King of Lolies
- Posts: 4538
- Joined: Mon Nov 26, 2007 9:57 pm
- Completed: R.S.P
- Location: Bandung, West Java, Indonesia
- Contact:
Re: Java: Disable it. Just do it. Now.
Well, fortunately I almost never update things unless it's absolutely necessary (my Java is version 6.0) and always disable it since there was a warning about Java security holes even before this.
"Double the princesses, quadruple the fun!" - Haken Browning (SRW-OG Endless Frontier)
DeviantArt Account
MoeToMecha Blog (under construction)
Lolicondria Blog (under construction) <- NSFW
DeviantArt Account
MoeToMecha Blog (under construction)
Lolicondria Blog (under construction) <- NSFW
- Blane Doyle
- Miko-Class Veteran
- Posts: 809
- Joined: Mon Dec 21, 2009 10:00 am
- Organization: Autumn Eclectic
- Location: Mountains
- Contact:
Re: Java: Disable it. Just do it. Now.
@PyTom That seems to be the way to go about it, PyTom. Everything I can find seems to say that it is only when used online that it becomes dangerous. Using Java for things offline, or when your net is disconnected, should (in theory) prove no issue.
Disabling it in the program itself is a more sure fire way of preventing this, but if you only use one browser (like me) just disabling it in the browser itself should work. But I know other people might use Chrome, FF, and IE simultaneously so that's a good thing to note here.
If you have 7.10, PLEASE follow the instructions PyTom posted.
@Mugen I hope you don't have to resort to that...
I'd miss your Twitter updates too much! D8
(But no, seriously, I REALLY hope you don't have to go that far and that you can work on your games, this has to be exceedingly annoying for anyone who relies on Java here... I prefer jEdit actually, but only because I used it for so long.)
Disabling it in the program itself is a more sure fire way of preventing this, but if you only use one browser (like me) just disabling it in the browser itself should work. But I know other people might use Chrome, FF, and IE simultaneously so that's a good thing to note here.
If you have 7.10, PLEASE follow the instructions PyTom posted.
@Mugen I hope you don't have to resort to that...
I'd miss your Twitter updates too much! D8
(But no, seriously, I REALLY hope you don't have to go that far and that you can work on your games, this has to be exceedingly annoying for anyone who relies on Java here... I prefer jEdit actually, but only because I used it for so long.)
Who is online
Users browsing this forum: No registered users