Homeland Security Warns to Disable Java
The U.S. Department of Homeland Security has warned users to disable or uninstall Java software on their computers, amid continuing fears and an escalation in warnings from security experts that hundreds of millions of business and consumer users are vulnerable to a serious flaw.
Hackers have discovered a weakness in Java 7 security that could allow the installation of malicious software and malware on machines that could increase the chance of identity theft, or the unauthorized participation in a botnet that could bring down networks or be used to carry out denial-of-service attacks against Web sites.
“We are currently unaware of a practical solution to this problem,” said the DHS’ Computer Emergency Readiness Team (CERT) in a post on its Web site on Thursday evening. “This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available.”
Java users should disable or uninstall Java immediately to mitigate any damage.
—http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-7000009713/
How to disable Java in your browser on Windows
Update: Oracle has released Java SE 7 Update 11, containing important security fixes. See Oracle Security Alert CVE-2013-0422 to learn more. Oracle strongly recommends that all Java SE 7 users upgrade to this release.
— oracle.com
Who is impacted by the Java security flaw?
by Josh Kirschner for Techlicious
Anyone who has Java Version 7 installed is vulnerable to being exploited. According to Oracle, the makers of Java, Java is installed on as many as 850 million personal computers worldwide.
Some reports have suggested that earlier versions of Java may be impacted as well. However, the well-respected security expert Brian Krebs says this is not the case. Until this question is resolved, it is safest to assume that all versions of Java could be vulnerable.
Java is used to run various types of local and web applications, and many of us may have knowingly or unknowingly installed it at some point in the past. Because Java is its own separate application used by programmers for cross-platform compatibility, the flaw affects all major operating systems and all browsers. (Note the risk here is specifically with “Java”, not the more commonly used “Javascript”, which is a completely different application.)
Some sites have suggested that Mac users may be protected with a security update Apple released on Friday to block Java applets. However, if you do not have automatic updates turned on or the fix turns out not to be complete, you may still be at risk.
Victims can be infected when they visit a compromised website and load a malicious Java applet. Depending on your browser settings, you may or may not see the option to block the applet before loading. Since any website with poor security can be compromised by hackers, don’t assume that a site is safe just because it is “legitimate.”
This excerpt appears with the permission of Techlicious.
