Comments

You have commented 358 times on Rantburg.

Your Name

Your e-mail (optional)

Website (optional)

	My Original Nic Pic-a-Nic Sorry. Comments have been closed on this article.
Foto

Submit your comments on this article

Government

Java Software Said to Put Computers in Peril

2013-01-12

[An Nahar] The U.S. Department of Homeland Security warned Thursday that a flaw in Java software is so dangerous that people should stop using it.
"It could kill you! Really!"
"At the very least you could go blind!"
"This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits," the department's Computer Emergency Readiness Team said in a notice on its website.
"Reported to be"? Did you go look? I'm reported to be 6'2" tall, with wavy blond hair, and not only a six-pack but a twelve-pack.

And very handsome your reported appearance is, too.

"We are currently unaware of a practical solution to this problem."
"There probably isn't one. Quit using Android. Quit using Oracle's database interface. Quit using all that stuff. It's too dangerous!"
The recommended solution was to disable Java, which typically runs as a plug-in program in web browsers.
If you want to do nifty things with your Oracle database without having to use that black-and-white command line with all the commands you can't remember then you need Java. But who uses Oracle, anyway?
Java is distributed by business software powerhouse Oracle and is popular because it lets developers create websites in code that can be accessed regardless of a computer's operating system.
Java Server Pages runs on the server, not on the client machine.
Java was created by Sun Microsystems, which was purchased by Northern Caliphornia-based Oracle.
Ahah! That must be the problem! I'm not too sure why, but it must.
Hackers who get people to visit booby-trapped websites can exploit the Java vulnerability to execute code on computers, according to security firms that have backed up CERT's warning.
There's a less hysterical description here.

Be aware that it's particularly difficult to completely detach Java from Internet Explorer. If that's the browser you use, you might want to switch to Firefox or some similar substitute, at least until this gets cleaned up. It takes two clicks to disable Java in Firefox. And it will take two clicks to re-enable it once a cleaned up version of Java is available. But I personally wouldn't wait for that unless you're fond of supporting Bulgarian hackers, Russian criminals and Chinese information ops types.

Posted by:Fred

#5 Very capable coders at Sun will roll out a patch if they have not already done so. They are far more competant than say, the locals who colaborate on attempting to write illegally malicious software, will ever hope to be. :)

Posted by: wr 2013-01-12 18:08

#4 "This would never happen to an Apple product!"

/Inerd

Posted by: Charles 2013-01-12 15:18

#3 If you use Firefox, install the NoScript extension.

"Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks."

You can forbid Java to run on non-whitelisted sites (see options, Embeddings tab).

Posted by: Mike Ramsey 2013-01-12 10:26

#2 So, Sun Microsystem's check didn't show up at the appropriate Donk 'Reelection' donation box?

Posted by: Procopius2k 2013-01-12 09:59

#1 I've notice most online payments require Java...just saying..

Posted by: Water Modem 2013-01-12 00:07

00:00