Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

US government tells computer users to disable Java
WindstreamNews ^ | Jan 11, 2013 | Terence P. Jeffrey

Posted on 01/11/2013 6:44:04 PM PST by LouAvul

Edited on 01/11/2013 7:18:00 PM PST by Admin Moderator. [history]

WASHINGTON (AP) — The U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks.

The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts.

Experts believe hackers have found a flaw in Java's coding that creates an opening for criminal activity and other high-tech mischief.

Excerpt, read more at Windstream


TOPICS: Government; Miscellaneous
KEYWORDS: sourcetitlenoturl

1 posted on 01/11/2013 6:44:06 PM PST by LouAvul
[ Post Reply | Private Reply | View Replies]

To: LouAvul

Nonsense.


2 posted on 01/11/2013 6:48:16 PM PST by jennychase
[ Post Reply | Private Reply | To 1 | View Replies]

To: LouAvul

bkmk


3 posted on 01/11/2013 6:51:34 PM PST by BenLurkin (This is not a statement of fact. It is either opinion or satire; or both)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LouAvul

ping


4 posted on 01/11/2013 6:53:18 PM PST by Jude in WV
[ Post Reply | Private Reply | To 1 | View Replies]

To: jennychase

http://reviews.cnet.com/8301-13727_7-57563567-263/new-malware-exploiting-java-7-in-windows-and-unix-systems/

...A new Trojan horse called Mal/JavaJar-B has been found that exploits a vulnerability in Oracle’s Java 7 and affects even the latest version of the runtime (7u10).

The exploit has been described by Sophos as a zero-day attack since it has been found being actively used in malware before developers have had a chance to investigate and patch it. The exploit is currently under review at the National Vulnerability Database and has been given an ID number CVE-2013-0422, where it is still described as relatively unknown...

...uckily with the latest versions of Java, users who need to keep it active can change a couple of settings to help secure their systems. Go to the Java Control Panel that is installed along with the runtime, and in the Security section uncheck the option to “Enable Java content in the browser,” which will disable the browser plug-in. This will prevent the inadvertent execution of exploits that may be stumbled upon when browsing the Web, and is a recommended setting for most people to do. If you need to see a Java applet on the Web, then you can always temporarily re-enable the plug-in.

The second setting is to increase the security level of the Java runtime, which can also be done in the same Security section of the Java Control Panel. The default security level is Medium, but you can increase this to High or Very High. At the High level, Java will prompt you for approval before running any unsigned Java code, and at the Very High level all Java code will require such approval, regardless of whether or not it is signed.

Since this threat is Java-based, it will only affect systems that have Java installed. Most platforms do not come with Java, but if you have installed it and do not need or regularly use it, you might consider removing it from your system...


5 posted on 01/11/2013 6:54:22 PM PST by jjotto ("Ya could look it up!")
[ Post Reply | Private Reply | To 2 | View Replies]

To: LouAvul

There was a different article about a Java threat posted here earlier.

This new article should stay, but Freepers may also want to consult the other one:

http://www.freerepublic.com/focus/f-news/2976900/posts


6 posted on 01/11/2013 6:55:28 PM PST by Cicero (Marcus Tullius)
[ Post Reply | Private Reply | To 1 | View Replies]

To: All

I disabled it and had to re-enable it or a program I need won’t load. Oh well.


7 posted on 01/11/2013 6:58:29 PM PST by BipolarBob (Happy Hunger Games! May the odds be ever in your favor.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jennychase
Nonsense

"Mein Fuhrer, das Russkies sind auf das outskirts ov Berlin!"

8 posted on 01/11/2013 7:02:07 PM PST by Revolting cat! (Bad things are wrong! Ice cream is delicious!)
[ Post Reply | Private Reply | To 2 | View Replies]

To: LouAvul

Yeah disable Java...wouldn’t we all love to do that in a perfect world. Good luck doing that in an enterprise that uses ADP products, Kronos etc...
Lunacy.


9 posted on 01/11/2013 7:02:30 PM PST by miliantnutcase
[ Post Reply | Private Reply | To 1 | View Replies]

To: LouAvul

I’m sure the U.S. govt. has no applications that use java. They are smarter than that.


10 posted on 01/11/2013 7:23:11 PM PST by unixfox (Abolish Slavery, Repeal The 16th Amendment!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jennychase
Nonsense.

Uhhhh this alert is real and not fluff. Google it.

11 posted on 01/11/2013 7:30:31 PM PST by Drango (A liberal's compassion is limited only by the size of someone else's wallet.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: jjotto

Thanks!


12 posted on 01/11/2013 7:33:58 PM PST by colinhester
[ Post Reply | Private Reply | To 5 | View Replies]

To: LouAvul

Tick, tick, tick...waiting for my 90 year old mother who reads all the junk advice emails to ask if she needs to disable something called java on her computer.


13 posted on 01/11/2013 7:51:28 PM PST by gunsequalfreedom (Conservative is not a label of convenience. It is a guide to your actions.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: gunsequalfreedom

14 posted on 01/11/2013 7:56:35 PM PST by carriage_hill ("I meant to say maggot, but I have a lisp.")
[ Post Reply | Private Reply | To 13 | View Replies]

To: carriage_hill

is it 3 o’clock in the morning?


15 posted on 01/11/2013 8:25:08 PM PST by theDentist (FUBO; qwerty ergo typo : i type, therefore i misspelll)
[ Post Reply | Private Reply | To 14 | View Replies]

To: carriage_hill

is it 3 o’clock in the morning?


16 posted on 01/11/2013 8:25:15 PM PST by theDentist (FUBO; qwerty ergo typo : i type, therefore i misspelll)
[ Post Reply | Private Reply | To 14 | View Replies]

To: theDentist

No one’s home at The White Hut/Crib.

(((click)))

“Leave a message and we’ll get back to you, sometime...”


17 posted on 01/11/2013 8:27:39 PM PST by carriage_hill ("I meant to say maggot, but I have a lisp.")
[ Post Reply | Private Reply | To 15 | View Replies]

To: LouAvul

The government wants me to turn off my own paid-for software!
The government wants me to eat what i cannot!
The government wants me to jump their hoops!

SEZ YOU!!!


18 posted on 01/11/2013 9:03:13 PM PST by Terry L Smith
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cicero

Typical AP. So up Obama’s ass that they are to busy to tell people how to disable it!


19 posted on 01/11/2013 9:28:13 PM PST by willk
[ Post Reply | Private Reply | To 6 | View Replies]

To: LouAvul
Thxs, for the post.

20 posted on 01/11/2013 9:43:34 PM PST by skinkinthegrass (who'll take tomorrow,spend it all today;who can take your income,tax it all away..0'Bozo man can :-)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BipolarBob

Disabled in your browser? The only threat is from visiting malicious web sites so keep it enabled on the system.


21 posted on 01/11/2013 9:58:32 PM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Drango
The main problem with this "alert" is that it doesn't solve the problem which is malicious websites, not java. Have you disabled Flash? Have you uninstalled most other plug-ins, particularly Adobe Reader? Not to pick on Adobe, but they have a far lamer security model than Java.

When people surf random websites they can expect to get pwned. They should not expect any AV software, or any amount of turning off or any government advice to save them. Java will be safe if downloaded from any reasonable site, obviously not porn or russian sites with miracle cures, or making $200 an hour surfing or anything else like that.

22 posted on 01/11/2013 10:06:05 PM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 11 | View Replies]

To: palmer
Java will be safe if downloaded from any reasonable site,

HUH? Seriously, you didn't read the alert or you don't understand it.

Don't care what YOU do, but the alert is real, dangerous and is a serious exploit of Java. Others should take heed. Or not.

23 posted on 01/11/2013 10:13:07 PM PST by Drango (A liberal's compassion is limited only by the size of someone else's wallet.)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Drango

If all you go by is these alerts then you may else well unplug from the internet. They will not keep you safe. OTOH, disabling java will mostly lose animated ads which are worthless anyway. Where this alert utterly fails is that it does not mention that the problem is malicious websites, not java. You must click on (or be redirected to) a malicious web site (and if you are redirected, it means the one you were at was malicious). Going to malicious websites has always been risky and always will be.


24 posted on 01/11/2013 10:22:59 PM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 23 | View Replies]

To: palmer

Are you retarded?

This is an exploit of the official Java. It has nothing to do with downloading it. You still haven’t read the alert have you?


25 posted on 01/11/2013 10:31:22 PM PST by Drango (A liberal's compassion is limited only by the size of someone else's wallet.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: Drango

It’s definitely not fluff. Our faculty member who is the security guy and I were talking about the threat this morning. I’ve been seeing bits and pieces for a while in the various online software blogs. Unfortunately, I’m teaching an intro Java course right now and I can’t disable it and still work. I’m also teaching a DB course that uses Oracle. This is nothing new, these little bugs have been around for a number of years, they’re just getting more serious of late.


26 posted on 01/11/2013 10:37:31 PM PST by RJS1950 (The democrats are the "enemies foreign and domestic" cited in the federal oath)
[ Post Reply | Private Reply | To 11 | View Replies]

To: unixfox

Hopefully that line is satirical. The U.S. Gov like so many others bought into the Java is a more secure language myth years ago.


27 posted on 01/11/2013 10:39:40 PM PST by RJS1950 (The democrats are the "enemies foreign and domestic" cited in the federal oath)
[ Post Reply | Private Reply | To 10 | View Replies]

To: RJS1950

As you suggest, exploits have been around a long time. In the past, the security firms send out an alert, a patch is made, (essentially an upgrade to the program) and the cat ‘n mouse game goes on.

We don’t see a lot of alerts telling end consumers to not use the feature (Java in this case). That said an upgrade (patch) will be out soon, (a few days?) and life will go on.


28 posted on 01/11/2013 10:46:36 PM PST by Drango (A liberal's compassion is limited only by the size of someone else's wallet.)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Drango
Java doesn't do anything unless you download code. No different from Adobe's Flash and their reader. The first step in the exploit is attracting the victim to a malicious website. Most victims go there willingly (porn, get-rich-quick, or other to-good-to-be-true). They download the code. Then the code executes inside the Java VM (or inside of Flash or inside Adobe or even just inside a browser with Javascript turned on. Or any other plug-in that can execute code of some sort.

Next the code exploits some vulnerability in the VM or interpreter, usually some kind of memory error. The memory error causes memory corruption which causes the VM or whatever to execute improper instructions which cause the actual damage (in the current case allowing the java VM to download and execute arbitrary binary code).

29 posted on 01/11/2013 10:50:37 PM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 25 | View Replies]

To: palmer
OTOH, disabling java will mostly lose animated ads which are worthless anyway.

Nobody uses Java to make animated ads. It's too slow and clunky and too much of a pain to write. Plus, lots of folks have it disabled.

Animated ads are almost always Flash. Although, you can probably expect to see more and more HTML5-based ads.

30 posted on 01/11/2013 10:56:57 PM PST by cynwoody
[ Post Reply | Private Reply | To 24 | View Replies]

To: LouAvul

DHS is just pissed that they can’t spy on programs running in the Java Runtime Engine(JRE) and they want us all to exit Java so we can be spyed on. I mean the JRE was created largely for its security. The code runs in a virtual environment that has no way for attackers to use their usual hacking tools and methods. I doubt this info very much and I have received no alerts from Kaspersky.


31 posted on 01/12/2013 12:11:31 AM PST by lwoodham (I am Andrew Breitbart. Don't doubt me on this.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LouAvul

What Apple wants, Obama gives.


32 posted on 01/12/2013 12:35:08 AM PST by Talisker (One who commands, must obey.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LouAvul

Thanks Lou
I disabled 2 Java add-ons a day or so ago, after reading another thread about it. After reading this thread I went back to the add on page to see what version it was. Now it’s highlighted in red with a warning about it being known to be vulnerable, and to use with caution. That wasn’t there before when I disabled it. I’m not even sure why I have to have Java anyways, unless it’s for those video games I like to play sometimes. Thanks again for the heads-up.


33 posted on 01/12/2013 12:42:45 AM PST by A child of Yah
[ Post Reply | Private Reply | To 1 | View Replies]

To: LouAvul

obammy says you can also disable Java by turning in your guns.


34 posted on 01/12/2013 3:57:01 AM PST by TangoLimaSierra (To the left the truth looks like Right-Wing extremism.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LouAvul
<skeptical>

Somehow or another, Java must be f'ing with some nefarious .gov scheme.

35 posted on 01/12/2013 4:07:30 AM PST by tomkat (HELL NO)
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson