Stop using Java: security warning

[rpm]

Java security warning from US

The US Department of Homeland Security warned Thursday that a flaw in Java software is so dangerous that people should stop using it.

 

[snobee]

Here is another article giving more info: http://www.reuters.com/article/2013/01/10/us-java-security-idUSBRE90919X20130110

 

[nelwa]

To the layman out there...please be aware that Java and Javascript is not the same thing. You don't need to disable javascript.

 

[Electron1]

How many Businesses use Java as a platform for their LOB applications?
In their case it cannot be turned off. I hope there is a way to mitigate the vulnerability.
I'd hate to think what could happen if their LOB systems are taken out by hackers.

More relevant info:
new-java-vulnerability-is-being-exploited-in-the-wild-disabling-java-is-currently-your-only-option

US CERT advisory


Blog that exposed the issue of the malware being present in exploit kits

 

[sajunky]

To the layman out there...please be aware that Java and Javascript is not the same thing. You don't need to disable javascript.

Javascript should be disabled all the time for a similiar reason.

 

[simonbuerger]

Javascript should be disabled all the time for a similiar reason.

If you're willing to live with a massively degraded user experience on most sites.

 

[Bundu]

not sure if it's the same story, but my Forefox automatically blocked Java
https://addons.mozilla.org/en-US/firefox/blocked/p182

 

[cronjec]

Javascript should be disabled all the time for a similiar reason.

Nonsense. Most modern websites will not work with JavaScript disabled. Rather read up on the browser settings that control script execution if you have a concern.

 

[w1z4rd]

Javascript should be disabled all the time for a similiar reason.

:erm:, not at all. Theyre not even remotely the same.

Java is a freeken huge security hole. Javascript is not.

 

[biometrics]

Just switched to a new laptop and haven't needed to install Java for anything yet.

Before I needed it for NetBeans but I've switched to Sublime Text and that doesn't need it.

Do you need it for Facebook? Don't use that either.

 

[RyanPCMR]

Just use Firefox and download the NoScript add-on. This will block plugins and scripts on sites by default and you can choose when you want to enable it for websites.

 

[j4ck455]

Java is a freeken huge security [highlight]home.[/highlight]

That might have been true when Sun Microsystems was still large and in charge of Java, but the same cannot be said with Orc-ale at the helm.

 

[LazyLion]

So how do I know if somebody has hacked or disabled a PC using this exploit? ... because I have had two clients call me this weekend with blue screens of death out of the blue. They both reported strange behaviour on their PCs beforehand and the one client had his business website hacked by some middle eastern dude.

 

[Rodent-Boy]

Java is used by FNB business banking. But then FNB is so bad in every other department, a major security hack wouldn't be too much of a shock.
Sent from my RM-821_apac_malaysia_316 using Board Express

 

[sajunky]

If you're willing to live with a massively degraded user experience on most sites.

All depends what things you are interested on Web. Perhaps my user experience is different to yours, as you seem to enjoy all bulls$*t you are receiving with Javascript. I don't.

 

[w1z4rd]

That might have been true when Sun Microsystems was still large and in charge of Java, but the same cannot be said with Orc-ale at the helm.

There was a 0 day just the other week and today another one gets released. http://thenextweb.com/insider/2013/...-properly-fix-old-one-now-pushing-ransomware/

Most of the the people who use RATs use the Java exploits to get their crypted rats onto machines. Java is the easiest way to install a crypted RAT without any user interaction (except the user visiting the infected page).

 

[j4ck455]

Most of the the people who use RATs use the Java exploits to get their crypted rats onto machines. Java is the easiest way to install a crypted RAT without any user interaction (except the user visiting the infected page).

IMHO the only solution is for browsers to have Java integration disabled by default and then allow the user to only enable Java for specific websites that they trust (like FNB's Internet Banking) and would be very unlikely to be infested with malware payloads.

 

[biometrics]

Where do you need Java? Haven't needed to install it since moving to a new laptop ...

 

[kilobits]

Had a similar incident here too... machines BSOD at restart or shutdown, MSE installed, updated and active... both machines running Windows 7. Removed drives and scanned with NOD after fruitless troubleshooting and it discovered and cleaned these...

View attachment 35198

View attachment 35200

Also, both machines were running VLC media player that was also infected.

Cleaned now and with java disabled. Running OK again. MSE perhaps needs to get up to speed with its definitions.

Grrrr.

So how do I know if somebody has hacked or disabled a PC using this exploit? ... because I have had two clients call me this weekend with blue screens of death out of the blue. They both reported strange behaviour on their PCs beforehand and the one client had his business website hacked by some middle eastern dude.

 

[kilobits]

Minecraft !!

Where do you need Java? Haven't needed to install it since moving to a new laptop ...