Homeland Security Warns To Disable Java.

ramblar

Forum Veteran
Homeland Security warns to disable Java amid zero-day flaw

Summary: The U.S. Department of Homeland Security is the latest body to warn users to disable Java software amid escalating concerns over a serious, exploitable vulnerability.

By Zack Whittaker for Zero Day | January 11, 2013 -- 16:41 GMT (08:41 PST)

The U.S. Department of Homeland Security has warned users to disable or uninstall Java software on their computers, amid continuing fears and an escalation in warnings from security experts that hundreds of millions of business and consumer users are vulnerable to a serious flaw.

Hackers have discovered a weakness in Java 7 security that could allow the installation of malicious software and malware on machines that could increase the chance of identity theft, or the unauthorized participation in a botnet that could bring down networks or be used to carry out denial-of-service attacks against Web sites.
"We are currently unaware of a practical solution to this problem," said the DHS' Computer Emergency Readiness Team (CERT) in a post on its Web site on Thursday evening. "This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available."
Java users should disable or uninstall Java immediately to mitigate any damage.
The latest flaw, as earlier reported by ZDNet, is currently being exploited in the wild, security experts have warned. Alienvault Labs have reproduced and verified claims that the new zero-day exploits a vulnerability in Java 7, according to security expert Brian Krebs.
As you can see below we tricked the malicious Java applet to execute the calc.exe in our lab.
Verifying the flaw, security researchers were able to trick the malicious Java applet to execute the Windows calculator. Credit: Alienvault Labs
Java is used by hundreds of millions of Windows, Mac and Linux machines -- along with mobile devices and embedded systems -- around the world to access interactive content or Web applications and services.
It's not uncommon for the U.S. government -- or any other government agency -- to advise against security threats, but rarely does an agency actively warn to disable software; rather they offer advice to mitigate such threats or potential attacks, such as updating software on their systems.
 
ramblar

Forum Veteran
I've not been paying much attention to the news lately. Thanks for the heads up. :tu:
Yeah, I got on Facebook today, the first thing it asked me when I logged on was a prompt to download a Java script. NO!!!!!!!!!!!!!!!!!!!!
 
Windows 7 does not run Java? I truly am ignorant on that platform. I went from XP to Windows 8.
I'm slow about what different platforms have and stuff but I never java. On a couple of sites, it asked me to install it but I never was a fan of Java though. My mom's computer has it and it annoys me for some reason. She has XP.
 

Gorgutz

Post-Mortem
I remember having most trojans entering my PC's asshole via Java for years. It's not like that's something that new.
 
ramblar

Forum Veteran



On Wednesday, Apple released a Mac update for Lion and Mountain Lion that strips all Mac browsers of the Java plugin, another move in the company’s effort to distance itself from Oracle’s Java software. Once the update is installed, users presented with Java content will see a placeholder that reads “Missing Plug-in.” After which point, users can then download the plug-in directly if desired.


Earlier this year, Apple had a bit of a battle going on with the Flashback malware that threatened OS X users by exploiting a vulnerability in Java. In April, the company was forced to release a second software update for Lion 10.7 to solve the problem. Previously, Apple ceased including a pre-installed version of Java in its OS, and then later released an update that disabled Java if it hadn’t been used in a certain period of time.
This isn’t the first time Java has come under fire for its vulnerabilities. Oracle’s software framework is one of the most exploited pieces of software you can run, and Oracle has been forced to address vulnerabilities in the recent past. One of the latest examples happened back in August, when exploits were produced and released for Java 1.7, forcing Oracle to cobble together a patch.
According to the Apple Support page, this update is for OS X 10.7 and later. In addition to stripping browsers of the Java plug-in, it also removes the Java Preferences application, which it says is not required for applet setting configuration. Some tech experts recommended that you disable Java if you don’t use it, thusly reducing the odds of your machine being infiltrated.
 
Ivan Drago

Guest
If I did disable Java would I still be able to watch vid clips etc.......?
 
ramblar

Forum Veteran
From the Java website:
What is Java?

Java allows you to play online games, chat with people around the world, calculate your mortgage interest, and view images in 3D, just to name a few. It's also integral to the intranet applications and other e-business solutions that are the foundation of corporate computing.

So, I don't know, or even if another application can take its place.
 
Ivan Drago

Guest
Java 7 update 11 is telling me it is ready to install now. I don't think I should. :shrug:
 