Announcement

**GreyGeek** · Jul 10, 2012, 11:42 AM

Exactly, No Java, no problem.

**vw72** · Jul 10, 2012, 03:27 PM

Even with Java, when it asks you to download and install the app, just say "No."

**GreyGeek** · Jul 10, 2012, 05:21 PM

Originally posted by vw72 View Post

Even with Java, when it asks you to download and install the app, just say "No."

You mean "IF" it asks you...

Java applets on websites are notorious for running in the stealth mode, with your privileges. IF you keep Java make sure your patches are up to date.

**capt-zero** · Jul 10, 2012, 07:32 PM

While I don't remember installing Java, how does one make sure they don't have Java installed, and how does one remove it?

**SteveRiley** · Jul 11, 2012, 12:05 AM

Originally posted by capt-zero View Post

While I don't remember installing Java, how does one make sure they don't have Java installed, and how does one remove it?

On your machine, what's the output of:

Code:

dpkg -l | egrep 'java|jre|icedtea'

**capt-zero** · Jul 11, 2012, 06:40 AM

Steve,

Here's the output:
ii plasma-scriptengine-javascript
4:4.8.4-0ubuntu0.1
JavaScript script engine for Plasma

Thanx,
capt-zero

**JontheEchidna** · Jul 11, 2012, 08:04 AM

Javascript and Java are two very different things.

**SteveRiley** · Jul 11, 2012, 11:58 AM

Capt, you're fine -- there's no Java on your system.

As Jonathan mentioned, Java and JavaScript are very different. kde-runtime depends on that Plasma JavaScript package. Because the attack relies on Java, not JavaScript, you've nothing to worry about.

**capt-zero** · Jul 11, 2012, 12:36 PM

Steve,

Thanks for the help. Now, just what did that script you had me run do? Trying to learn a little about the CLI.
Also, does the mentioned story now mean we have to be concerned about infections sneaking into our systems through some other means?

Thanx,
capt-zero

**SteveRiley** · Jul 11, 2012, 01:07 PM

Originally posted by capt-zero View Post

Thanks for the help. Now, just what did that script you had me run do? Trying to learn a little about the CLI.

dpkg is Debian's low-level package manager. Typically we're used to dealing with front-ends like apt-get or Aptitude that can handle dependency resolutions and download additional packages as necessary. dpkg allows you to interact with the packages that are already installed on your system, to inspect and manually install .deb files that you've downloaded, and many other things. As typical, man dpkg is your friend.

dpkg -l is actually a hand-off to dpkg-query -l, which lists information about packages in the database. man dpkg-query explains it in detail. Essentially, it displays packages that are not marked as not installed. That's somewhat tortured wording, I know, but packages can exist in states other than "installed" or "purged" (= not installed). The man page explains all the states. dpkg -l is a quick way of listing all packages that are installed, plus all packages (or their configuration files) that are somehow present on your machine.

I had you pipe that output through egrep, looking specifically for "java" or "jre" or "icedtea." These are the components that constitute a standard Java install. I always install the Java runtime and a browser plugin on my systems because I need them for a variety of things. I do this via:

Code:

sudo apt-get install default-jre icedtea-plugin

And here's the output of the dpkg-query command on my system:

Code:

steve@t520:~$ [B]dpkg -l | egrep 'java|jre|icedtea'[/B]
ii  ca-certificates-java           20110912ubuntu6                 Common CA certificates (JKS keystore)
ii  default-jre                    1:1.6-43ubuntu2                 Standard Java or Java compatible Runtime
ii  default-jre-headless           1:1.6-43ubuntu2                 Standard Java or Java compatible Runtime (headless)
ii  icedtea-6-plugin               1.2-2ubuntu1                    web browser plugin based on OpenJDK and IcedTea to execute Java applets
ii  icedtea-netx                   1.2-2ubuntu1                    NetX - implementation of the Java Network Launching Protocol (JNLP)
ii  icedtea-netx-common            1.2-2ubuntu1                    NetX - implementation of the Java Network Launching Protocol (JNLP)
ii  icedtea-plugin                 1.2-2ubuntu1                    web browser plugin to execute Java applets (dependency package)
ii  java-common                    0.43ubuntu2                     Base of all Java packages
ii  libatk-wrapper-java            0.30.4-0ubuntu2                 An ATK implementation for Java using JNI
ii  libatk-wrapper-java-jni        0.30.4-0ubuntu2                 An ATK implementation for Java using JNI (jni bindings)
ii  libswt-gtk-3-java              3.7.2-2                         Standard Widget Toolkit for GTK+ Java library
ii  openjdk-6-jre                  6b24-1.11.1-4ubuntu3            OpenJDK Java runtime, using Hotspot JIT
ii  openjdk-6-jre-headless         6b24-1.11.1-4ubuntu3            OpenJDK Java runtime, using Hotspot JIT (headless)
ii  openjdk-6-jre-lib              6b24-1.11.1-4ubuntu3            OpenJDK Java runtime (architecture independent libraries)
ii  plasma-scriptengine-javascript 4:4.8.90-0ubuntu1~precise1~ppa1 JavaScript script engine for Plasma
ii  tzdata-java                    2012b-1                         time zone and daylight-saving time data for use by java runtimes

If you would have had these "jre" and "icedtea" plugin packages installed, then Java would be present on your machine.

Originally posted by capt-zero View Post

Also, does the mentioned story now mean we have to be concerned about infections sneaking into our systems through some other means?

The story describes a malicious Java applet that incorporates a bit of intelligence. When the code runs, it detects which operating system you're using, and then downloads an additional malicious payload specificall for your operating system. What we should learn from this is that bad guys will target anything they feel they can find vulnerabilities in. No software is 100% secure.

**capt-zero** · Jul 11, 2012, 01:40 PM

Thanks steve,

Very informative post. I have just finished a new install on a new(to me) machine. Reading this post reminded me to install and run 'firestarter' and 'clamtk'.

Thanx again,
capt-zero

**SteveRiley** · Jul 11, 2012, 01:42 PM

Happy to help.

**vinnywright** · Jul 11, 2012, 05:53 PM

vinny@Vinnys-HP-G62:~$ dpkg -l | egrep 'java|jre|icedtea'
ii ca-certificates-java 20110912ubuntu6 Common CA certificates (JKS keystore)
ii default-jre 1:1.6-43ubuntu2 Standard Java or Java compatible Runtime
ii default-jre-headless 1:1.6-43ubuntu2 Standard Java or Java compatible Runtime (headless)
ii gcj-4.6-jre-lib 4.6.3-1ubuntu2 Java runtime library for use with gcj (jar files)
ii icedtea-6-jre-cacao 6b24-1.11.1-4ubuntu3 Alternative JVM for OpenJDK, using Cacao
ii icedtea-6-jre-jamvm 6b24-1.11.1-4ubuntu3 Alternative JVM for OpenJDK, using JamVM
ii icedtea-6-plugin 1.2-2ubuntu1 web browser plugin based on OpenJDK and IcedTea to execute Java applets
ii icedtea-netx 1.2-2ubuntu1 NetX - implementation of the Java Network Launching Protocol (JNLP)
ii icedtea-netx-common 1.2-2ubuntu1 NetX - implementation of the Java Network Launching Protocol (JNLP)
ii icedtea-plugin 1.2-2ubuntu1 web browser plugin to execute Java applets (dependency package)
ii java-common 0.43ubuntu2 Base of all Java packages
ii libaccess-bridge-java 1.26.2-9 Java Access Bridge for GNOME
ii libaccess-bridge-java-jni 1.26.2-9 Java Access Bridge for GNOME (jni bindings)
ii libapache-pom-java 10-2 Maven metadata for all Apache Software projects
ii libasm3-java 3.3.2-1 Java bytecode manipulation framework
ii libatk-wrapper-java 0.30.4-0ubuntu2 An ATK implementation for Java using JNI
ii libatk-wrapper-java-jni 0.30.4-0ubuntu2 An ATK implementation for Java using JNI (jni bindings)
ii libcommons-beanutils-java 1.8.3-2 utility for manipulating JavaBeans
ii libcommons-cli-java 1.2-3 API for working with the command line arguments and options
ii libcommons-codec-java 1.5-1 encoder and decoders such as Base64 and hexadecimal codec
ii libcommons-collections3-java 3.2.1-5 A set of abstract data type interfaces and implementations
ii libcommons-compress-java 1.2-1ubuntu1 Java API for working with tar, zip and bzip2 files
ii libcommons-digester-java 1.8.1-3 Rule based XML Java object mapping tool
ii libcommons-el-java 1.0-7 Implementation of the JSP2.0 Expression Language interpreter
ii libcommons-httpclient-java 3.1-10 A Java(TM) library for creating HTTP clients
ii libcommons-lang-java 2.6-3ubuntu1 Extension of the java.lang package
ii libcommons-logging-java 1.1.1-9 commmon wrapper interface for several logging APIs
ii libcommons-parent-java 22-2 Maven metadata for Apache Commons project
ii libdb-java 5.1.4ubuntu1 Berkeley Database Libraries for Java
ii libdb-je-java 3.3.98-1 Oracle Berkeley Database Java Edition
ii libdb5.1-java 5.1.25-11build1 Berkeley v5.1 Database Libraries for Java
ii libdb5.1-java-gcj 5.1.25-11build1 Berkeley v5.1 Database Libraries for Java (native code)
ii libecj-java 3.5.1-3 Eclipse Java compiler (library)
ii libequinox-osgi-java 3.7.2-1 Equinox OSGi framework
ii libhamcrest-java 1.1-8 library of matchers for building test expressions
ii libhsqldb-java 1.8.0.10-9ubuntu2 Java SQL database engine
ii libicu4j-4.4-java 4.4.2.2-1 Library for Unicode support and internalisation
ii libicu4j-java 4.2.1.1-1 Library for unicode support and internalisation
ii libjasper-java 5.5.33-2 Implementation of the JSP Container
ii libjavascriptcoregtk-1.0-0 1.8.0-0ubuntu2 Javascript engine library for GTK+
ii libjavascriptcoregtk-3.0-0 1.8.0-0ubuntu2 Javascript engine library for GTK+
ii libjaxp1.3-java 1.3.05-2ubuntu2 Java XML parser and transformer APIs (DOM, SAX, JAXP, TrAX)
ii libjetty-java 6.1.24-6ubuntu0.12.04.1 Java servlet engine and webserver -- core libraries
ii libjline-java 1.0-1 Java library for handling console input
ii libjsch-java 0.1.42-2fakesync1 pure Java implementation of the SSH2 protocol
ii libjtidy-java 7+svn20110807-3 JTidy
ii liblucene2-java 2.9.4+ds1-4 Full-text search engine library for Java(TM)
ii libregexp-java 1.5-3 Regular expression library for Java
ii libreoffice-java-common 1:3.5.3-0ubuntu1 office productivity suite -- arch-independent Java support files
ii libservlet2.4-java 5.5.33-1 Servlet 2.4 and JSP 2.0 Java library
ii libservlet2.5-java 6.0.35-1ubuntu3 Servlet 2.5 and JSP 2.1 Java API classes
ii libslf4j-java 1.6.4-1 Simple Logging Facade for Java
ii libswt-gtk-3-java 3.7.2-2 Standard Widget Toolkit for GTK+ Java library
ii libxerces2-java 2.11.0-4 Validating XML parser for Java with DOM level 3 support
ii libxml-commons-external-java 1.4.01-2 XML Commons external code - DOM, SAX, and JAXP, etc
ii libxml-commons-resolver1.1-java 1.2-7 XML entity and URI resolver library
ii openjdk-6-jre 6b24-1.11.1-4ubuntu3 OpenJDK Java runtime, using Hotspot JIT
ii openjdk-6-jre-headless 6b24-1.11.1-4ubuntu3 OpenJDK Java runtime, using Hotspot JIT (headless)
ii openjdk-6-jre-lib 6b24-1.11.1-4ubuntu3 OpenJDK Java runtime (architecture independent libraries)
ii plasma-scriptengine-javascript 4:4.8.4-0ubuntu0.1 JavaScript script engine for Plasma
ii tzdata-java 2012b-1 time zone and daylight-saving time data for use by java runtimes

most of it was instaled with Eclipse and android-sdk-linux ......WoW

VINNY

**sixonetonoffun** · Jul 11, 2012, 10:19 PM

I give this some serious consideration.
Yet there is fine line between usability and security. Been messing with PeerGuardian (https://launchpad.net/~jre-phoenix/+archive/ppa) last couple days its a pain to setup. Yet is more secure then IPList as it asks for sudo password rather than running as Root as IPList GUI does. Need to hammer on it some and see what gives.

Short story is I believe its best to take measures and up to date block lists from respectable sources like DShield, Spamhaus aren't a bad way to start. At least now that we're talking about little-known web-based attacks specifically. The hype about long term (estimated 10 yrs) development of Stuxnet, Duqu and Flame only show just how broad and well funded Cyber Warfare is today. The fact these have been used and allowed to be reversed and examined forensically seem to indicate obsolescence to a degree.

Announcement

Another good reason to exercise healthy paranoia

Another good reason to exercise healthy paranoia

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment