Posted on 01/11/2013 6:44:04 PM PST by LouAvul
Edited on 01/11/2013 7:18:00 PM PST by Admin Moderator. [history]
WASHINGTON (AP) — The U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks.
The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts.
Experts believe hackers have found a flaw in Java's coding that creates an opening for criminal activity and other high-tech mischief.
Excerpt, read more at Windstream
Disabled in your browser? The only threat is from visiting malicious web sites so keep it enabled on the system.
When people surf random websites they can expect to get pwned. They should not expect any AV software, or any amount of turning off or any government advice to save them. Java will be safe if downloaded from any reasonable site, obviously not porn or russian sites with miracle cures, or making $200 an hour surfing or anything else like that.
HUH? Seriously, you didn't read the alert or you don't understand it.
Don't care what YOU do, but the alert is real, dangerous and is a serious exploit of Java. Others should take heed. Or not.
If all you go by is these alerts then you may else well unplug from the internet. They will not keep you safe. OTOH, disabling java will mostly lose animated ads which are worthless anyway. Where this alert utterly fails is that it does not mention that the problem is malicious websites, not java. You must click on (or be redirected to) a malicious web site (and if you are redirected, it means the one you were at was malicious). Going to malicious websites has always been risky and always will be.
Are you retarded?
This is an exploit of the official Java. It has nothing to do with downloading it. You still haven’t read the alert have you?
It’s definitely not fluff. Our faculty member who is the security guy and I were talking about the threat this morning. I’ve been seeing bits and pieces for a while in the various online software blogs. Unfortunately, I’m teaching an intro Java course right now and I can’t disable it and still work. I’m also teaching a DB course that uses Oracle. This is nothing new, these little bugs have been around for a number of years, they’re just getting more serious of late.
Hopefully that line is satirical. The U.S. Gov like so many others bought into the Java is a more secure language myth years ago.
As you suggest, exploits have been around a long time. In the past, the security firms send out an alert, a patch is made, (essentially an upgrade to the program) and the cat ‘n mouse game goes on.
We don’t see a lot of alerts telling end consumers to not use the feature (Java in this case). That said an upgrade (patch) will be out soon, (a few days?) and life will go on.
Next the code exploits some vulnerability in the VM or interpreter, usually some kind of memory error. The memory error causes memory corruption which causes the VM or whatever to execute improper instructions which cause the actual damage (in the current case allowing the java VM to download and execute arbitrary binary code).
Nobody uses Java to make animated ads. It's too slow and clunky and too much of a pain to write. Plus, lots of folks have it disabled.
Animated ads are almost always Flash. Although, you can probably expect to see more and more HTML5-based ads.
DHS is just pissed that they can’t spy on programs running in the Java Runtime Engine(JRE) and they want us all to exit Java so we can be spyed on. I mean the JRE was created largely for its security. The code runs in a virtual environment that has no way for attackers to use their usual hacking tools and methods. I doubt this info very much and I have received no alerts from Kaspersky.
What Apple wants, Obama gives.
Thanks Lou
I disabled 2 Java add-ons a day or so ago, after reading another thread about it. After reading this thread I went back to the add on page to see what version it was. Now it’s highlighted in red with a warning about it being known to be vulnerable, and to use with caution. That wasn’t there before when I disabled it. I’m not even sure why I have to have Java anyways, unless it’s for those video games I like to play sometimes. Thanks again for the heads-up.
obammy says you can also disable Java by turning in your guns.
Somehow or another, Java must be f'ing with some nefarious .gov scheme.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.