Yeah, we don't have IPS or IDS. Something I really should get to setting up.
InformationWeek is saying this attack is hard to detect with IPS.
Java Zero-Day Attack Could Hit Enterprises Hard - Security - Attacks/breaches - Informationweek
quoted:
In the wake of the latest Java vulnerability, which is difficult to spot, the prevailing security advice has been to disable Java altogether. "The configuration I used to test [the exploit] would be caught by [an] IPS with good rules [but] if you just enable the Metasploit built-in SSL options, an IPS would be blinded to this," said Maynor at Errata Security. "I have tried two different desktop protection suites from McAfee and Symantec. Neither stopped the threat, but then again, they really aren't designed to. This is a perfect exploit to use for phishing, or [targeting] social media users."
The new exploit may have already been used against your business. "Remember to search your logs for connections to the Domains/IPs related to this attack," said Jaime Blasco, a malware researcher at AlienVault Labs, in a blog post.
For businesses that can't disable Java, for example because they need to support functionality on intranet pages, here's a temporary workaround: "Use your client firewall to disallow access to non-intranet resources for javaw.exe (on Windows)," said Wisniewski at Sophos. "Another solution is to surf the net using your favorite browser with Java disabled, and have an alternate browser available for the occasional site that needs it--Java is not JavaScript, you almost never need it," he said.
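The client-firewall workaround quoted above, sketched for the built-in Windows Firewall. This is an added example, not part of the original post or the quoted article. It assumes Java lives under the default "Program Files\Java" directories, that "intranet" means the RFC 1918 private ranges, and a Windows version that ships the NetSecurity cmdlets; the rule group name is made up for the example.

```powershell
#Requires -RunAsAdministrator
# Block outbound traffic from javaw.exe to anything outside the intranet.
# Assumption: intranet = RFC 1918 space (10/8, 172.16/12, 192.168/16).
# Adjust the ranges below if your internal addressing differs.

$group = 'Java intranet-only (example)'   # hypothetical group name

# Public IPv4 unicast space, written as the gaps around the private ranges
# (loopback 127/8 is left out), plus IPv6 global unicast.
$nonIntranet = @(
    '1.0.0.0-9.255.255.255',
    '11.0.0.0-126.255.255.255',
    '128.0.0.0-172.15.255.255',
    '172.32.0.0-192.167.255.255',
    '192.169.0.0-223.255.255.255',
    '2000::/3'
)

# Assumed default install roots; add others if Java is installed elsewhere.
$roots = @("$env:ProgramFiles\Java", "${env:ProgramFiles(x86)}\Java") |
    Where-Object { Test-Path $_ }

# Every installed JRE/JDK has its own javaw.exe, and a program rule matches
# one exact path, so each copy needs its own rule.
$binaries = @()
if ($roots) {
    $binaries = @(Get-ChildItem -Path $roots -Filter 'javaw.exe' -Recurse `
        -ErrorAction SilentlyContinue)
}

# Remove rules from a previous run so the script can be re-run after updates.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

foreach ($exe in $binaries) {
    New-NetFirewallRule -DisplayName "Block Internet: $($exe.FullName)" `
        -Group $group -Direction Outbound -Action Block -Profile Any `
        -Program $exe.FullName -RemoteAddress $nonIntranet | Out-Null
    Write-Output "Blocked non-intranet access for $($exe.FullName)"
}

if ($binaries.Count -eq 0) {
    Write-Warning 'No javaw.exe found under the assumed install roots.'
}
```

Because each rule is tied to a file path, a Java update that installs into a new versioned directory is not covered until the script is run again.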