Pocket-Monkey(tm) Discussion Forum


Java compromised?

Thread #2087 - Messages: 7   (some may be hidden)
 Java compromised? Message #22418    Replies: 1
posted by rastaro (Ro Fernando) on 08/28 at 20:59

Here in New Zealand overnight there have been posts on some tech sites about Java being compromised by some hackers using an exploit.

Is this something to worry about for people who play on Pocket Monkey?
 
 Re: Java compromised? Message #22420    Replies: 1
posted by T.J. (T.J. Crowder) on 08/29 at 14:55
Hi,
> Is this something to worry about for people who play on Pocket Monkey?
Not directly, no. It's perfectly safe to allow the PM Java applet to run (e.g., when you're here playing your games).

But this might be a good time to make sure your browser is set to ask you before firing up Java applets on other pages you may visit. Chrome does this by default. It's quite slick: The first time you go to a page that wants to run a Java applet it hasn't seen you run before, it doesn't run the applet, but unobtrusively asks you what to do with a bar at the top of the page. You can say "Yes, once", "Yes, always", "No", or "Never." The answer only applies to that applet on that page, not to other pages. Very easy. I think Firefox does something similar as well. I don't know about recent versions of IE, but IE9 might. Older versions of IE won't, but you shouldn't be using older versions of IE anyway. (Never surf the great unwashed web using IE6 or IE7. If you have XP, use IE8, fully-patched. If you have Windows 7, use IE9, fully patched.)

The idea is, basically: If the browser doesn't run the applet containing the exploit, the exploit can't affect you. So only let the browser run applets automatically on sites you trust, like PM (I hope), and not on random pages you might visit in the course of web surfing. On those pages, you want the browser to ask you first (and you probably want to say no).

Enjoy your games,
--
T.J. Crowder
First Primate
Pocket-Monkey.com
   
 Re: Java compromised? Message #22433    Replies: 1
posted by Jacke (Jack Everett) on 09/01 at 19:04
The games are not working at all now for me. The message says java script has been compromised.
     
 Re: Java compromised? Message #22434    Replies: 0
posted by T.J. (T.J. Crowder) on 09/02 at 07:37
That sounds like your browser protecting you. I expect it's also giving you the option to ignore the warning.

But if you update to the very, very latest version of Java, it has a patch for the particular issue that the fuss has been about.
--
T.J. Crowder
First Primate
Pocket-Monkey.com
 The fuss Message #22425    Replies: 2
posted by petr.pavel (Petr 'PePa' Pavel) on 08/30 at 09:07
I think the fuss is about a security hole in JRE 1.7x that has been left unpatched for a few months. While many programs contain security holes for months, this particular one gained fame because its exploit has become a part of the hacking suite Blackhole, which means even script kiddies can exploit it now.

http://arstechnica.com/security/2012/08/critical-java-exploit-spreads/

The only hope one has is to always keep one's computer fully patched - operating system, browsers, applications, all components (e.g. Flash, Java). It does take some effort but you get good sleep in return.

Although browsers try hard to protect people from their laziness and ignorance, you can't really rely on it.

As with this particular issue, even patching will not save you if the developer doesn't make a patch. That's just life.
 
 Re: The fuss Message #22426    Replies: 0
posted by jazzba (Jazzba) on 08/30 at 21:55
If you run Firefox you can install the "NoScript" addon.


"The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank)."


http://noscript.net/

Info video
https://www.youtube.com/watch?v=GzBqnLgOzwM
 
 Re: The fuss Message #22428    Replies: 0
posted by petr.pavel (Petr 'PePa' Pavel) on 08/31 at 08:55
Oracle just released a patch for this particular famous security hole (leaving other holes still open):
http://www.forbes.com/sites/andygreenberg/2012/08/30/oracle-quietly-releases-fix-for-serious-java-security-bug-months-after-it-was-reported/
