Saturday, September 08, 2012

Java does a “Jack and Jill”

CC attribution: illustration "Jack and Jill" by "perpetualplum" on flickr.
Jack n Jill Mod

So here is the way I saw the Java drama roll downhill like Jack and Jill over the last two weeks from security standpoint.

So we started out safely headed up the hill to fetch our water shod with Oracle’s Java 1.7 update 6.

08/27/2012 - Starting up the hill…

Oh noes! Jack has stumbled!

(It wasn’t really clear at first, but Java 1.6.34 was also vulnerable.)

08/30/2012 - Java Jack Recovers

Fortunately Java Jack just had a stumble, the pail and his crown are still safe after catching himself.

So we all rush out and download Java 1.7.7 and/or Java 1.6.35.

Whew! That was close.

08/31/2012 - Java Jack Takes a Dive bringing Jill with him

Jack…Stop looking at that frisky rabbit and getting ideas and pay attention dude! You’re about to step into some of its…

Oh snap! You did and you slipped in it.

Seriously Jack. Really?

You should have been paying better attention to your hill-climbing technique; or at the very least dear Jill and not the rabbit.

Now you’ve taken Jill out in your folly and broken your crown; again.

Still Want That Water?

So where does that leave us now that we are holding the pail to safely quench our thirst?

Here is some sound advice.

Me? I just disabled my Java browser plugins for IE/Chrome/Firefox and run NoScript in Firefox. However I didn’t uninstall my Java applications (1.6.35/1.7.6) as I do use a handful of true Java applications on my system.

I figure that will have to do for now until the next round of updates rolls.

No word when Jack will be out of the ER yet. Jill remains pouty.

Other Java-related tools you might be interested in while you wait…

  • JavaRa - SingularLabs - great third-party freeware utility to manage your Java RE build installations. More here at
  • Jarfix - Johann N. Löfflmann’s tiny app to fix Java “JAR” file associations on Windows after a Java update borks them.
  • Java SE Downloads - Oracle - Java SE (Standard Edition) 7u7 JRE (Java Runtime Environment) and Java SE 6 update 35 JRE download links available from this link. When new updates are available you should be able to get them here.

Oh, did I mention that we just completed a massive rollout of Java 1.6.31 a few weeks ago across our enterprise to bring us to a new operational standard?

I lovingly refer to it as Project Maginot Line.

à revoir! from the bunker,

--Claus V.

No comments: