Homeland Security says: "Disable Java"

According to the US Dept. of Homeland Security, having a good anti-virus program is not enough. Based on their analysis of things like ID theft and making your PC part of an ad-hoc attack network, Homeland Security is now advising people to disable Java in all browsers:

http://www.chicagotribune.com/busin...sers-to-disable-java-20130111,0,5686660.story

Based on the story, it appears Oracle is in "no comment" mode. Again, it appears this warning is directed to users of all OS (Win, Mac, Linux - possibly even Android) and all browsers (IE, Firefox, Safari, Chrome, etc.).

I'm anxious for the Malware Experts to weigh in on this one.

 

Tim: Sorry that I missed that link.

 

I am pretty sure they will get it fixed in next patch if they haven't got it fixed all ready.
I think it is just another scar tactic bye the government.
If it every happens to me all i need to do is wipe my Hdd and reinstall lol:-D
I never have back ups be cause i do not need them this is a gaming computer.

That is way i can do a Full format of HD.

I never keep any thing to important on my HD My desktop is scanned nightly and cleaned nightly auto.Any thing i do have important i remember every thing or my bank has all ready taken care of it.

And if i do keep important stuff on my computer it is backed up on a big flash drive and not my main HD.

 

Yup, you got it. I work for a government agency and in a meeting the other day they discussed micro-chipping everyone and putting out fake Java warnings.

rolleyes

 

Did I miss Yet Another Secret Meeting? I should go ahead and turn in my decoder ring now I suppose...

 

The newer model Decoder rings use Java; might want to turn it in ASAP. :-D

 

Strange. My decoder ring doesn't use Java.

 

kinda joking a little :-D

 

I can't decode anything without having three or four cups of Java first.

 

Check the Plugins section (anything there can be enabled/disabled 'on the fly' anyway - unlike Java in IE!) then check Control Panel > All Control Panel Items for the Java applet - even if you don't find it there, it could still be on the system as the Java installer can be buggy, search for javacpl.exe, usually found in C:\Program Files\Java\jre7\bin or C:\Program Files (x86)\Java\jre7\bin.



Some (fairly) easily digestible details on this latest Java vulnerability here: What You Need to Know About the Java Exploit

One of the basic 'problems' is that Oracle only patch their products on a 4 monthly cycle and patches out of cycle are pretty rare - even then, take up of the latest version is very slow, this gives the bad guys a big target to aim at over an extended period.

 

I should have figured that; I usually get a laugh reading your posts anyway

 

Since Java is also used in cars, appliances and parking meters does this mean Stephen King's "Maximum Overdrive" may become reality? :-D

 

I many ways that would be sweet :-D:-D

 

Dammit! My sister promised me if something like that came up she would let me know! Unless she doesn't work for the agency in charge of this one...:confused

 

That's what we get for trusting all these Javanese programmers with national security. They just want to be left alone...

 

So when I drink my daily cup of Java at Starbucks, I will always wonder if I'm being exploited :confused. .roflmao

 

http://ia.media-imdb.com/images/M/MV5BMTY0OTc2ODU5Nl5BMl5BanBnXkFtZTcwODMzNjcyMQ@@._V1._SY317_CR9,0,214,317_.jpg

:eek

 

May be he he may be there all so putting tiny micro chips into your coffee :-D:-D

 

I only allow Windows to update automatically, so I think I'm behind in my update. My Java Version is 1.6.0_31. Am I ok?

 

When I opened Firefox to disable Java (thanks to this thread) I noticed it had already been disabled. It's nice to see that Firefox is taking preventive measures for it's users.

Chrome I had to disable myself. Shame on you Chrome! lol

 

I've disabled JAVA and java scrips and removed all Java updates and program from my hard-drive yesterday when I read it via email security thingy.... I, also removed the java pluggins from my browsers as directed from the Oracle website....anyways... now the Opera browser is frustrating me. I always used Opera, but now I cannot mange my website, because you need java + java scripts to run some stuff.... I am forced to use Internet Explorer, which I hate because that browser is not secure enough.... proof is that Internet Explorer lets me use my website without glitches..... hmmm.... not sure what to do here....

 

Yeah, it's a P.I.T.A., I know, but about all you can do is to leave Java disabled by default, but enable it if you are sure what you wish to view/use is 'trusted'. A bit like Active-X used to be not long ago. Hopefully, these buggy, security weak plug-ins will become extinct soon.

 

Was today's update ( Version: 10.11.2.21) a fix for this?

 

@ ShelaghRoyale: JavaScript needs to be active for most sites to work as intended, it's not the same as Java, Caliban has an explanation of the differences here.

 

Allegedly, yes rolleyes until the next hole is found.

Given that insecure Java is the mainstay route to inject malware these days, by a large margin (~50% of infections?), I'd still suggest people uninstall it fully - only reinstall it (carefully) if it's found that it's really needed.