Homeland Security recommends disabling Java

Devil Ledbetter

Come on you stranger, you legend,
Kind Benefactor
Super Member
Registered
Joined
Mar 8, 2007
Messages
9,767
Reaction score
3,936
Location
you martyr and shine.
It looks legit enough that we've disabled Java on all our rigs. Oracle doesn't have a patch for this. I'm really surprised there isn't more buzz about it, since it's on all the major news sources.
 

Deleted member 42

They're about three months behind Apple and Microsoft.

Don't confuse Java, used to run applications in a Web browser, with JavaScript. JavaScript is OK.

Keep in mind that if you use Star Chat to chat, you'll need to re-enable Java before you can use it or other Java applets.
 

Paperback Writer

Learning the craft
Super Member
Registered
Joined
Dec 2, 2009
Messages
431
Reaction score
46
Location
It's like I went back in a time machine to the 60'
I checked my Windows 7 Firefox and it was already disabled thankfully. I went ahead and disabled the entire plugin just in case. The plugin was missing on my Mint laptop too.

https://addons.mozilla.org/en-US/firefox/blocked/p182

Java Plugin 7 update 10 and lower (click-to-play), Windows has been blocked for your protection.

Why was it blocked?The Java plugin is causing significant security problems. All users are strongly recommended to keep the plugin disabled unless necessary.Who is affected?All users who have these versions of the plugin installed in Firefox 17 and above.What does this mean? The problematic add-on or plugin will be automatically disabled and no longer usable.
 

Ambrosia

Grand Duchess
Kind Benefactor
Super Member
Registered
Joined
Feb 4, 2009
Messages
26,893
Reaction score
7,269
Location
In the Castle, of course.
Which is all good and fine, but since when does Homeland Security start issuing such warnings? That is what seems odd to me.
 

Deleted member 42

Which is all good and fine, but since when does Homeland Security start issuing such warnings? That is what seems odd to me.

After they got affected by the hole, I expect.

A number of the IT lists I'm on started coverage of this in May.

There were problems with large deployments at some schools even before that, especially on Windows but on OS X too.

The updates and variations started confusing even professionals.

The army started issuing cautions about deploying jave apps even before that, as did Apple.

They are again, like TSA theater, going about it wrong.
 

Shadow Dragon

Super Member
Registered
Joined
Nov 7, 2008
Messages
4,773
Reaction score
261
Location
In the land of dragons
Oracle says they will fix the problem "shortly."
Oracle Corp said it is preparing an update to address a flaw in its widely used Java software after the U.S. Department of Homeland Security urged computer users to disable the program in web browsers because criminal hackers are exploiting a security bug to attack PCs.

"A fix will be available shortly," the company said in a statement released late on Friday.

Company officials could not be reached on Saturday to say how quickly the update would be available for the hundreds of millions of PCs that have Java installed.

The Department of Homeland Security and computer security experts said on Thursday that hackers figured out how to exploit the bug in a version of Java used with Internet browsers to install malicious software on PCs. That has enabled them to commit crimes from identity theft to making an infected computer part of an ad-hoc computer network that can be used to attack websites.
http://www.chicagotribune.com/business/sns-rt-us-usa-java-securitybre90b0ex-20130112,0,5437237.story
 

Ambrosia

Grand Duchess
Kind Benefactor
Super Member
Registered
Joined
Feb 4, 2009
Messages
26,893
Reaction score
7,269
Location
In the Castle, of course.
Thanks, Medi.

Shadow Dragon, thanks for the Chicago Tribune's article.

making an infected computer part of an ad-hoc computer network that can be used to attack websites.
Using the bug to commandeer individual computers to make a network to attack websites brings the scope up to the point I see the reason for Homeland Security to get involved. I couldn't see their reasoning before now.
 

AZ_Dawn

AW Addict
Super Member
Registered
Joined
Jan 28, 2008
Messages
1,298
Reaction score
229
Location
Southern Arizona

I don't know; the comments are kind of pessimistic about the patch. I never realized just how much of my web experience was made possible and/or easier by Java until I shut it off for Firefox.* (I have Java 6.something on my hard drive, so my IE is all right-ish.) I desperately want to turn Java back on, but I want to know if it's worth it. *For one thing the freaking smiley menu won't open. For another thing, my post is formatting weirdly.
 

Deleted member 42

I don't know; the comments are kind of pessimistic about the patch. I never realized just how much of my web experience was made possible and/or easier by Java until I shut it off for Firefox.* (I have Java 6.something on my hard drive, so my IE is all right-ish.) I desperately want to turn Java back on, but I want to know if it's worth it. *For one thing the freaking smiley menu won't open. For another thing, my post is formatting weirdly.

You've confused Java with JavaScript.

JavaScript is used by more than half the Web sites on the 'net. Including this one; that's why your're having trouble formatting and using pop-up menus. If you clicked a clicky box in your Web browser, you've turned off Java Script, not Java.

Java is a plug-in or binary add on. On Windows systems it may be called JRE or Jave Runtime Environment.

Here's how to remove Java on Windows.
 

AZ_Dawn

AW Addict
Super Member
Registered
Joined
Jan 28, 2008
Messages
1,298
Reaction score
229
Location
Southern Arizona
You've confused Java with JavaScript.

JavaScript is used by more than half the Web sites on the 'net. Including this one; that's why your're having trouble formatting and using pop-up menus. If you clicked a clicky box in your Web browser, you've turned off Java Script, not Java.
Java Script was turned off in Firefox! Thanks for the tip. :Thumbs: