Reading
blue-triangle-element

Articles

PFRE is the original online resource for real estate and interior photographers. Since 2006, it has been a community hub where like-minded professionals from around the world gather to share information with a common goal of improving their work and advancing their business. With thousands of articles, covering hundreds of topics, PFRE offers the most robust collection of educational material in our field. The history of real estate photography has been documented within these pages.
All Articles
blue-triangle-element

Latest

Congratulations to Marcus Biastock of Anchorage, Alaska--November 2020 PFRE Photographer of the Month! The theme this month was "open" meaning any real estate photo was fair game. Marcus Biastock #276 Pierre Galant #271Andrew Bramasco #253Dan Solomon # ...

COMMUNITY
blue-triangle-element

Forum

The PFRE Community Forum is an online resource for discussing the art and business of Real Estate and Interior Photography.
Join The Discussion
blue-triangle-element

Latest

View Now
Contest
blue-triangle-element

OVERVIEW

For over a decade, photographers from around the world have participated in PFRE’s monthly photography contests, culminating in the year-end crowning of PFRE’s Photographer of the Year. With a new theme each month and commentary offered by some of the finest real estate & interior photographers anywhere, these contests offer a fun, competitive environment with rich learning opportunities. 

Contest Rules
blue-triangle-element

CURRENT CONTESTS

View / Submit
blue-triangle-element

PAST CONTESTS

View Archive
Conference
blue-triangle-element

Conference

PFRE’s Annual Conference in Las Vegas provides real estate and interior photographers from around the world an opportunity to meet on an annual basis, to learn, share best practices and make connections. Many of the leading names in our field are selected to speak on topics aimed at improving our craft and advancing our business. It’s a comfortable, relaxed environment that is fun, easy to get to, and affordable.
blue-triangle-element

Upcoming

PFRE Conference 2020

Register Now
blue-triangle-element

Latest News

Last Call to Register for the PFRE Virtual Conference 2020 - Use Discount Code: PFRE50 to Save $50!

Last call to register for PFRE Virtual Conference 2020. Use discount c ...

Sneak Peek - PFRE Virtual Conference 2020

We are less than two weeks away from the PFRE Virtual Conference. Chec ...

Limited Early Bird Spots on Sale Now! PFRE Virtual Conference 2020

The roster of presenters is full, and the PFRE Virtual Conference is o ...

PFRE Virtual Conference 2020 Announcement: Presenter Line Up Part 2 of 2

*Early bird tickets go on sale September 28th* Here are the remaining ...

Podcast
blue-triangle-element

Podcasts

The PFRE podcast is focused on having meaningful conversations with world-class photographers, business professionals and industry leaders, with the goal to inform and inspire.
All Podcasts

Coming Soon...

Resources
blue-triangle-element

Resources

PFRE prides itself on the depth and breadth of the information and professional development resources it makes available to our community. Our goal is to help real estate and interior photographers be successful while bringing the community together and elevating the industry as a whole.
blue-triangle-element

Directory

Coming Soon...

Java Is A Security Disaster - It Is Time To Stop Using It For Real Estate Tours

In: ,
Published: 12/03/2013
By: larry

imagesI've had this post simmering on the back back burner for several weeks but it's time to remind the whole real estate community to stay away from JAVA! First of all a short history of Java as it relates to real estate tours:

  1. During the mid-2000s Java was used extensively as a technology that made 360s and other real estate tour animation work. It was great technology before Flash became widely used. I sill have a bunch 360s of our old listings that require Java to view. Many tour offerings have never been updated.
  2. Over the last year and several months a series of security flaws have been discovered in Java.
  3. Oracle, who acquired Java from Sun Microsystems currently maintains Java has been working at fixing security problems. But they are behind the curve and hackers finding flaws faster than Oracle fix the flaws. Every week for the last 3 weeks Oracle has released security fixes to Java but there are still known unfixed security problems.
  4. Earlier this year Apple removed Java from the OS X distribution. Now you have to manually install it yourself to run it.
  5. A couple of weeks ago some internal Apple developers were infected by a Java exploit at a development site.
  6. Back in January the Department Of Homeland Security advised that all computer users disconnect Java from their browsers. Java is a very popular language and is harmless if it's not connected to your browser. Many large companies (including banks) have specialized applications written in Java.
  7. Cisco Systems, the company that makes most of the worlds internet routers, has a 2013 security report that says that Java exploits (security flaws) comprised 87 percent of total web exploits.
  8. Technical note: Java has nothing to do with Javascript despite the name similarity.

Given this history and the number of good alternatives for 360 display and tour animation it is clearly no longer prudent or responsible to be using Java as a 360 display or tour technology. I think real estate photographers should be doing everything they can to discourage the use of Java in tours 360 image display.

Within the last week I've:

  • Encountered several real estate photographers that still provide 360s the require Java.
  • The top Realtor in my city has a $1M+ listing on realtor.com that has a tour that requires Java.

Please join me in encouraging real estate photographers and agents to update their tour and 360 display technology.

 

 

16 comments on “Java Is A Security Disaster - It Is Time To Stop Using It For Real Estate Tours”

  1. @Steve- No this is not about Flash... What I'm pointing out is that there are specific known continuing security exploits going on with Java.

  2. Hi Larry,
    Here is a link that may be of interest to you and the PFRE readers regarding Java from USA Today's computer guru:

    http://www.usatoday.com/story/tech/columnist/komando/2013/01/31/komando-java-security-alert/1871047/

    The short version is:

    "First, make sure you have the most recent version of Java from Oracle's site.

    To bring up Java's new security settings, go to Start>>Computer and type "Javacpl.exe" in the search bar.

    If it doesn't appear, you may have to find it manually. Go to Start>>Computer and open your Local Disk (C:). Go to Program Files (x86)>>Java>>jre7>>bin and scroll down until you see "javacpl.exe". On 32-bit computers, the file is in Program Files>>Java>jre7>>bin.

    Run javacpl.exe to load Java's control panel and select the Security tab. Uncheck the box that says "Enable Java content in the browser." Then restart any browsers you have running.

    Mac users can find the setting by going to System Preferences and clicking on the Java icon — it looks like a steaming cup of coffee.

    This will disable Java in your browser, but still let you use it for desktop programs.

    Warning: If you do head into your browser settings to check that Java is disabled, you might see something called JavaScript. Don't disable JavaScript! It's a different animal and has no security issues.

    Although it's safer to run Java for a desktop program, it's best to get it off your machine if you don't need it."

    Quoted from USA Today Tech Blog

  3. ...So what do we do when half of the websites say they're inaccessible unless you enable Java?

  4. Great post Larry. Java is definitely not secure, and to Steve's comment Flash is not much better. In fact every time you get an notification to update Flash (seems like every other week!) it's usually because they've patched more security flaws. The problem with all these patches is that hackers can and do reverse engineer the patch code to identify the security exploit it was meant to fix, and then use the exploit to hack those who have not yet installed the update. So at the very least make sure you stay updated if you're using Flash or Java, but going forward HTML5 looks to be a better option. It's much more secure, more stable and is now fully supported by most modern desktop and mobile browsers.
    If you're interested in what HTML5 can do, you can learn more about it and see some great demos here: http://www.apple.com/html5/

  5. Sorry for the double post, but I can't even open online .pdf forms (model release templates, etc) without Java. I'm not computer illiterate, but I don't know how to circumvent the issues that arise if I don't have Java when so may websites "require" it.

  6. @Craig- I don't find all that many sites require Java... I've not had it installed on any of my machines or any of the machines of people in my family that I help out, for at least a year. Java is usually only used if you work for a large company that has decided to use it internally. Some large Swedish banks use it on their sites but for the majority of people you can live with in uninstalled completely.

    If anyone has a site they must use they can turn it on in one browser and only use that browser for Java site access and use a browser that doesn't have Java connected to the browser for all other access so your risk is minimized.

  7. Hi Folks, just to clarify, there are 3 different technologies being mentioned in the comments above. They can all be used to create things like tours or slideshows.

    Flash, from Adobe. Pros: content is displayed the same regardless of whether you are using Windows or Mac, FireFox or Internet Explorer. Cons: Requires a plugin and does not work in Apple mobile products like iPhones and iPads. Nutshell: Think fancy animation.

    JavaScript, from Microsoft/Netscape. Pros: requires no plugin and works on iPhone and iPads. Cons: May work differently on Windows vs. Mac and/or FireFox vs. Internet Explorer. Nutshell: Think lightweight software.

    Java, from Sun. Pros: Supposed to work the same regardless of OS or web browser and give you the power of traditional software. The goal of Java was to let a programmer write software once and have it run on anything that has a plugin. Cons: Requires a plugin. The way the plugin works is fundamentally flawed from a security standpoint. Thumbnail: Think heavyweight software that hackers find user-friendly.

    Example: You would use Java to create something like Microsoft Outlook. You would use JavaScript to make something like Google Mail. You would use Flash to create a sexy animated ad promoting the other two.

    As Aric, mentioned, the trend is to use JavaScript because it offers a better balance of form vs. function (animation vs. software) without relying on a plugin.

    Hope this helps.

  8. @Kelvin- Then Costco has more than one uploader!... I just uploaded a large file for a 40x30 canvas print yesterday and I assure you I don't have Java installed on my iMac.

  9. Also I'd like to point out, property websites with virtual tours using JavaScript are perfectly safe.

  10. Java, not Java script, is a security Chernobyl. No safe version exists. How do I know this? I have family in the internet security business. Don't believe me? Follow some serious penetration testing folks on Twitter for a couple of weeks.

    I have Java disabled on all my devices and will not enable it. It's so bad Apple recentlyunilaterally disabled Java on all OSX computers connected to the internet. They then release an OSX update weeks later to reinstall a version that is safe from the most common exploits. Whether or not it's literally possible to ever make Java secure without starting from scratch remains to be seen. Large corporations rely on old Java apps for critical IT tasks and are lunable to change over to a more appropriate platform because of the potential for disruption and the replacement/retraining costs.

    Flash is not only insecure, it is evil. Flash is bloated and inefficient beyond imagination. Even Adobe abandoned mobile Flash because the underlying code is so bad it overheated and sucked batteries dry in mobile devices... including the various flavors of Android. I realize there is a religious aspect to attacking/defending Flash because Steve Jobs declared it dead and caused immediate polarization among users and developers. But in fact it too is probably impractical to fix.

  11. i'll try again on the right post this time ha ha

    We might have to take a look into exactly what we are using at our company here in melbourne. no issues security wise so far but definately an important reminder to take a good look at security at all times I agree.

Leave a Reply

Your email address will not be published. Required fields are marked *

magnifiercrossmenucross-circle