Make sure the JAVA running your Comp is up to date!

[EagleKeeper]

I'm serious about this.

You don't have to run windows update, just go to the Oracle website.

http://www.java.com/en/download/index.jsp

If your not running windows it *does* matter, either disable it or make sure it's up to date.

I'm not kidding, do it.

[thundley4]

They have been releasing more updates than Microsoft lately.

[J P Sousa]

I uninstalled Java.........nobody seems to know what's what with this thing. 

[EagleKeeper]

I'm bumping this.

I just spoke with someone that told me that their network got borked by this (multiple) vulnerablity(s).

If you run windows you are vulnerable.

I don't care what version of windows you have, update it.

[formerlurker]

Can you give us an update as to why we need to do this (I just did it - thanks for the warning).

[EagleKeeper]

I don't know what this thing is called yet, I'm kinda out of the loop.

I do know that it made a network drive unavailable for an entire company.

[formerlurker]

Ok thanks.

[Maxiest]

I don't know what this thing is called yet, I'm kinda out of the loop.

I do know that it made a network drive unavailable for an entire company.

I highly doubt that.  I am not onsite, but I haven't read anything about any of these Java virus's attacking any network resources.  And they are pretty much just malware.

[EagleKeeper]

That's fine.

Here is what I know...

It didn't effect the mainframe.

It made a company wide network drive unavailable for 2 days.

The person I talked to said that it had something to do with java but this person is not in IT. This person must talk to the IT folkes as part of her job.

[Maxiest]

That's fine.

Here is what I know...

It didn't effect the mainframe.

It made a company wide network drive unavailable for 2 days.

The person I talked to said that it had something to do with java but this person is not in IT. This person must talk to the IT folkes as part of her job.

Yeah we always blame it on some bullshit when talking to non-IT folks, we hate going into how the PERC 3/Di Raid controller failed to initialize after we just upgraded the firmware because it couldn't handle the new drives we purchased and now even since we did the firmware upgrade neither the old or new drives will initialize.

[EagleKeeper]

Whatever

I'm only going to do this once.

The person I talked to runs a group within a company,right?

The various groups need to talk to IT, primarily to discuss mainframe programming.

The person I talked to is not in IT but because she understands what her business unit needs to see from the mainframe she talks to IT.

While she was talking to IT she learned (sorta) why her L drive had been missing for 2 days. She doesn't give a damn about computers but she does care about the L drive and it was explained to her that they had a virus problem that caused them to not have an L drive for two days.

She understood that it was caused through a vulnerability within java.

Do you remember spybot 32...I saw it coming, from spain, but I didn't recognize what it was and neither did they.

It didn't bother me to much, all I had to do was square away the servers. The helpdesk on the otherhand was much more challenged. 

[Maxiest]

Whatever

I'm only going to do this once.

The person I talked to runs a group within a company,right?

The various groups need to talk to IT, primarily to discuss mainframe programming.

The person I talked to is not in IT but because she understands what her business unit needs to see from the mainframe she talks to IT.

While she was talking to IT she learned (sorta) why her L drive had been missing for 2 days. She doesn't give a damn about computers but she does care about the L drive and it was explained to her that they had a virus problem that caused them to not have an L drive for two days.

She understood that it was caused through a vulnerability within java.

Do you remember spybot 32...I saw it coming, from spain, but I didn't recognize what it was and neither did they.

It didn't bother me to much, all I had to do was square away the servers. The helpdesk on the otherhand was much more challenged. 

I wasn't trying to argue.  Sorry if you thought that.  Just making conversation.

Just in my experience, I have never seen or heard of a Java virus that could even touch a network drive/server/array.

[J P Sousa]

I wasn't trying to argue.  Sorry if you thought that.  Just making conversation.

Just in my experience, I have never seen or heard of a Java virus that could even touch a network drive/server/array.

Facebook ???

http://www.forbes.com/sites/andygreenberg/2013/02/15/facebook-hacked-via-java-vulnerability-claims-no-user-data-compromised/

.

[EagleKeeper]

I wasn't trying to argue.  Sorry if you thought that.  Just making conversation.

Just in my experience, I have never seen or heard of a Java virus that could even touch a network drive/server/array.

No Maxiest, I just want folkes to understand that it is the virus they don't know about that will delete their files (or their L drives).

A well constructed virus moves through the internet like a hot knife.

Java has problems and the bad guys know it.

Update Java and if you can push it out to your clients do it.

And it's not just windows.

Update your fookin java!

[Maxiest]

Facebook ???

http://www.forbes.com/sites/andygreenberg/2013/02/15/facebook-hacked-via-java-vulnerability-claims-no-user-data-compromised/

.

As I said...

This attacked on a couple machines(laptops) and didn't go any further.

The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.

[EagleKeeper]

Maxiest

Just for conversation.

Can I ask what you have on the perimeter of your network?

[Maxiest]

We use Sonic Firewall and Barracuda, but most of our stuff is connected through the state, and I have no idea what they are using.

[EagleKeeper]

When I was in the biz we used barracuda for web traffic.

Two Clearswift servers for email (I think they are strictly devices now) and of course a cisco firewall.

I also had Snort sensors that listened to every link that went to the internet. And to every link that went to other parts of the company.

On the other end we had an embedded checkpoint firewall 1 running on a nortel bln (backbone Lan Node) 9000 I think.

We had T-1, mpls, and VPN links done through nortel devices.


At this point I ain't trying to prove anything, I'm just talkin shop.

[Chris_]

I had a friend that did network security for the state for a few years until moving on to self-employment.  He could probably have told you exactly what they were using.

[Maxiest]

When I was in the biz we used barracuda for web traffic.

Two Clearswift servers for email (I think they are strictly devices now) and of course a cisco firewall.

I also had Snort sensors that listened to every link that went to the internet. And to every link that went to other parts of the company.

On the other end we had an embedded checkpoint firewall 1 running on a nortel bln (backbone Lan Node) 9000 I think.

We had T-1, mpls, and VPN links done through nortel devices.

Yeah, see that State does all of that web site motioning on their end as we use their DNS.

Our internal VPN is run through a Cisco firewall.

[Maxiest]

I had a friend that did network security for the state for a few years until moving on to self-employment.  He could probably have told you exactly what they were using.

Yes I know who you are talking about as we have talked about him before.  He probably did know more specifics on the State hardware than I did as we are a Non-Consolidated department.  Meaning we provide most of the IT services minus a the major backbone, although we are looking at moving away from that as we have to pay the State for those services.  And shitty ones at that.

[EagleKeeper]

Yes I know who you are talking about as we have talked about him before.  He probably did know more specifics on the State hardware than I did as we are a Non-Consolidated department.  Meaning we provide most of the IT services minus a the major backbone, although we are looking at moving away from that as we have to pay the State for those services.  And shitty ones at that.

Do yourself a favor and start reading up on GRE

Start with the Requests for comments (RFC)