Homeland Security STILL warning Americans to disable Java even as Oracle says problem fixed
By DAILY MAIL REPORTER
PUBLISHED: 20:43 EST, 14 January 2013 | UPDATED: 20:43 EST, 14 January 2013
Oracle Corp. said Monday it has fixed the problem in its Java software that raised an alarm from the U.S. Department of Homeland Security last week, but the federal agency still recommends that users disable Java in their Web browsers.
'This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered,' DHS said in a statement Monday. 'To defend against this and future Java vulnerabilities, consider disabling Java in Web browsers until adequate updates are available.'
The alert follows on the department's warning late Thursday.
Security experts said that special code to take advantage of the weakness is being sold on the black market through so-called 'Web exploit packs' to Internet abusers who can use it to steal credit card data, personal information or cause other harm.
The packs, sold for upwards of $1,500 apiece, make complex hacker codes available to relative amateurs.
This particular flaw even enables hackers to compromise legitimate websites by taking over ad networks.
The sale of the packs means malware exploiting the security gap is 'going to be spread across the Internet very quickly,' said Liam O'Murchu, a researcher with Symantec Corp. 'If you have the opportunity to turn it off, you should.'
Oracle said it released two patches — to address the flaw highlighted by the government, as well as another flaw that the government said was "different but equally severe."
As well, the patches set Java's default security level to 'high' so that users will automatically be shown a prompt and given a chance to decline malicious software before it loads onto their computers.
Many programmers are avoiding Java altogether, and its use in Web browsers is on the decline, he said.
Kaspersky Lab estimated that last year 50 percent of all website exploitations were due to vulnerabilities in Java. Adobe's Acrobat Reader accounted for another 28 percent of vulnerabilities.
Read more: http://www.dailymail.co.uk/news/article-2262540/Homeland-Security-STILL-warning-Americans-disable-Java-Oracle-says-problem-fixed.html#ixzz2M21Yvntd
I have to pile on my hate for Oracle and Java. They just make their adware worse, not better, with every update, as well as bandwidth hogging and autoplay ads, and give them sounds. It was bad enough when they made ads flash and give people with epilepsy seizures; now I have to endure commercials on a computer when I am required to touch one that is not my own to beat into permission submission.