U.S. warns on Java software as security concerns escalate

[mightymen]

U.S. warns on Java software as security concerns escalate | Reuters

The U.S. Department of Homeland Security urged computer users to disable Oracle Corp's Java software, amplifying security experts' prior warnings to hundreds of millions of consumers and businesses that use it to surf the Web

 

[yzer]

Yikes! Thanks, and done.

Here is how to disable Java.

How to Disable Java | PCMag.com

 

[Kopfstimmen]

I did this a few days ago. If you're a facebook user, it's a good idea to follow Sophos. Much easier than keeping an eye on their website.
https://www.facebook.com/SophosSecurity

 

[yzer]

Oracle says they have a new patch out to fix the security issue. After I disabled Java I went ahead and uninstalled it. Doesn't look as if I was using it for anything. If I should need it again I'll install the latest version.

 

[mightymen]

Security researcher Adam Gowdiak from Security Explorations has been keeping an eye on the software flaws in Java over the past year.
It's still not safe.

Once Gowdiak analyzed the latest update to Java, he found that the patch still leaves a number of "critical security flaws," according to Reuters. This statement, mirrored by AlienVault Labs' Jaime Blasco who branded Oracle's offering as a "mess," was later reinforced by the firm's recommendation against using the software.

"We don't dare to tell users that it's safe to enable Java again," Gowdiak commented.

http://www.zdnet.com/security-exper...-day-exploit-could-take-two-years-7000009756/

 

[DaveP]

Java is disabled in my browsers anyway, as well as other plugins that I don't need to use. About twice a year I get calls from family and friends who want me to look at their laptop or netbook because it won't boot without popups that prevent them from selecting anything. I usually find a rootkit virus and have to do boot sector replacement and extensive scans. The last time that happened for the third time, I just did a backup OS replacement from his "factory fresh" copy on the D drive. Funny, he hasn't asked my for help anymore!

When you load up the right tools to prevent infection and they have been deleted the next time they bring it back for help, it gets old. You have to teach them the importance of regular backups and maintenance of the tools you give them. Clean and wipe seems to stress that point to those who don't believe you ...

You don't need Java

 

[JustaGuy]

Thanks for the heads up. Here's another article on it: Homeland Security still says no to Java - Technology on NBCNews.com

 

[teggykid952]

Uninstalled!

 

[Tracker II]

A mighty thank you to you Mightymen!

 

[DaveP]

Java is a good language for graphic elements in a browser. It's just so popular that it's a target for rogue programmers who are looking for a way to infect large numbers of computers. It's on our phone, computers, tablets, and book readers, so it's a good target to hit.

It's also a good thing that the internet works without Java. I went to a vendor's website to check on a tracked package yesterday. Their tracking routine told me that I had to have Java enabled to check on my USPS shipment. Bah! I just copied the tracking number and pasted it into the USPS.com website and got the info I wanted. there are ways around Java.