"No amount of talking or smoothing over [Java's security problems] is going to make anybody happy or do anything for us. We have to fix Java."
- Milton Smith, Sr. Principal Product Security Manager - Java at Oracle
(conference call with worldwide Java User Group, January 25th, 2013)
....from:
https://blogs.oracle.com/theaquarium/entry/oracle_speaks_up_on_java
Oracle Speaks up on Java Security
By reza_rahman on Jan 25, 2013
As many of you are keenly aware, there has been a veritable media firestorm around the recent Java vulnerability. As you know, the vulnerability pertains to Java on the browser, not server-side Java, desktop Java or embedded Java. You may also have been frustrated with Oracle's relative silence on the issue.
Hopefully it comes as some relief that Oracle is now starting to openly speak up on the issue. The lead for Oracle Security Martin Smith and Donald Smith from the OpenJDK team very recently had a conference call with worldwide JUG leaders. The recording of the meeting is available [at http://java.net/downloads/jugs/Jan24_JUGLeaderCall.mp3]. This was a frank two-way discussion with Java community leaders about Java security, bundled software installers, openness, communication and the technical/journalistic quality of recent press coverage in some venues. As Donald and Martin indicate on the call, we can expect this to be the tip of the iceberg of what will be done on the Java Security and communication fronts.
We encourage you to participate in this crucial dialog and provide your feedback.
John Spragge offers his opinions on these very issues in his intelligent, insightful blog post: A passionate defence of Java's virtues. We think it is well worth a read if you are a fan of GlassFish, Java EE or Java.
= - = - = - =
How to disable the Java web plug-in in Safari: https://support.apple.com/kb/HT5241
= - = - = - =
...from:
https://blog.mozilla.org/security/2013/01/29/putting-users-in-control-of-pl…
Mozilla Security Blog
Putting Users in Control of Plugins
Jan 29, 2013
Mozilla is changing the way Firefox loads third party plugins such as Flash, Java and Silverlight. This change will help increase Firefox performance and stability, and provide significant security benefits, while at the same time providing more control over plugins to our users.
Previously Firefox would automatically load any plugin requested by a website. Leveraging Click to Play, Firefox will only load plugins when a user takes the action of clicking to make a particular plugin play or the user has previously configured Click To Play to always run plugins on the particular website.
More User Control
Users should have the choice of what software and plugins run on their machine. Click to Play allows users to easily choose if they wish to run a plugin on a particular site. Users can also configure sites to never run plugins or conversely always run plugins. This change puts the user in control.
Increased Performance & Stability
Poorly designed third party plugins are the number one cause of crashes in Firefox and can severely degrade a user’s experience on the Web. This is often seen in pauses while plugins are loaded and unloaded, high memory usage while browsing, and many unexpected crashes of Firefox. By only activating plugins that the user desires to load, we’re helping eliminate pauses, crashes and other consequences of unwanted plugins.
Significant Security Benefits
One of the most common exploitation vectors against users is drive-by exploitation of vulnerable plugins. In this kind of attack, a user with outdated or vulnerable plugins installed in their browser can be infected with malware simply by browsing to any site that contains a plugin exploit kit. We’ve observed plugin exploit kits to be present on both malicious websites and also otherwise completely legitimate websites that have been compromised and are unknowingly infecting visitors with malware. In these situations the website doesn’t have any legitimate use of the plugin other than exploiting the user’s vulnerable plugin to install malware on their machine. The Click to Play feature protects users in these scenarios since plugins are not automatically loaded simply by visiting a website.
In addition to the security benefits provided by Click to Play, Mozilla also strongly recommends that users keep their plugins up to date. The following website can be used to determine if plugins are current.
https://www.mozilla.org/plugincheck/
Implementing this change
Our plan is to enable Click to Play for all versions of all plugins except the current version of Flash. Click to Play has already been enabled for many plugins that pose significant security or stability risks to our users. This includes vulnerable and outdated versions of Silverlight, Adobe Reader, and Java.
More specifically, our next steps are the following:
1. Click to Play old versions of Flash (versions <=10.2.*) and slowly add more recent insecure Flash versions to the Click to Play list. Note: The most current version of Flash will NOT have Click To Play.
After we complete final UI work:
2. Click to Play current versions of Silverlight, Java, and Acrobat Reader and all versions of all other Plugins.
During this change we will monitor the results and feedback of the new settings and UI to ensure we’re providing a quality experience and delivering the many benefits of Click to Play to Firefox users.
Michael Coates
Director of Security Assurance
Wayne Billing
Classroom Technology Support
Audio Visual and Classroom Technology Support
130 Machray Hall Building
204-474-6649
204-807-3153 (cell)
204-474-7625 (fax)
Wayne_Billing(a)umanitoba.ca
...from:
https://itunes.apple.com/us/app/thx-tune-up/id592624594?mt=8
Description
THX tune-up (TM) allows you to properly adjust your TV, projector and speakers, helping you get the most out of your entertainment system.
THX tune-up features custom video test patterns, carefully selected photos and tutorials to help you adjust and confirm the best picture settings on your display based on your room lighting. Using special test sounds, THX tune-up also lets you check your external speakers to make sure they are working in phase and are connected properly for 2-channel stereo or 5.1 surround sound systems.
THX tune-up is completely interactive and you will be able to go through it at your own pace and in any order. Use your iPad 2 (or later) or iPhone 4 (or later) to connect to your display or sound system with an Apple(TM) Digital AV Adapter and HDMI cable or through a wireless Apple TV.
To get started, locate the adjustment buttons on your television and audio video receiver (AVR) remote controls and then simply follow the THX app tutorials which will walk you through your “THX tune-up.” The app offers tips about your remote control, room lighting, viewing distance and other helpful advice.
Video adjustments
• Aspect ratio – ensure your TV displays shapes and sizes correctly
• Brightness – make certain shadow details and night scenes are clearly visible
• Contrast – confirm white detail is distinct on your television
• Color – make sure colors are bright and vibrant but not cartoonish
• Tint – check skin tones look natural and are not too green or red
THX tune-up uses your iPad or iPhone camera to set color and tint with a special built in color filter. Just point your device camera at the TV screen and see if your color or tint is adjusted correctly.
Audio adjustments
• Speaker assignment – ensure speakers are connected to the correct AVR output and intended sound is coming from the correct speaker
• Speaker phase – confirm that positive and negative speaker wires are connected correctly and all speakers are in phase
Extras
• Turn “moo can” on and tilt the iPhone or iPad to hear your device “moo”
• Play extraordinary THX trailers (just like the ones in THX Certified cinemas) to show off your newly tuned TV and sound system to friends and family
• Show off your audio system with the push of a button by playing “THX Deep Note” in 5.1 surround sound, just like in the theater
• Have a question for THX, or just want to provide feedback? Ask Tex!
Founded in 1983 by legendary director George Lucas, THX was born out of the desire to improve cinema audio and video capabilities. Since then, THX has taken this knowledge and translated it to other areas – including the home. THX believes everyone should have the best possible viewing and listening experience, regardless of the size and cost of the system they own.
Wayne Billing
Classroom Technology Support
Audio Visual and Classroom Technology Support
130 Machray Hall Building
204-474-6649
204-807-3153 (cell)
204-474-7625 (fax)
Wayne_Billing(a)umanitoba.ca