davej Posted January 12, 2013 (edited)
See... http://www.cbsnews.c...-java-software/
"The U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks. The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts."
http://www.slashgear.com/turn-off-java-they-warn-heres-how-you-do-it-12265037/
Edited January 13, 2013 by davej
Ingolme Posted January 13, 2013
I think it's been a while since a security breach in the Java browser plug-in was found. Java in itself is still OK. I'm not sure why they haven't found a solution yet, it's been months.
davej (Author) Posted January 13, 2013 (edited)
The problem was identified and Oracle didn't care enough to fix it. Some suspect that Oracle is trying to kill OpenSource.
http://techcrunch.com/2012/08/18/oracle-makes-more-moves-to-kill-open-source-mysql/
Edited January 13, 2013 by davej
Ingolme Posted January 13, 2013
That's silly. Do you have a grudge against Oracle or something? Possibly an adequate solution requires deep investigation.
justsomeguy Posted January 14, 2013
I have a grudge against Oracle, they seem like they're trying as hard as possible to make as many errors as possible in applications that get used by a lot of people. This happened 6 months ago also, there were 2 critical vulnerabilities in JRE discovered at least in July that were being actively exploited and those didn't get fixed until August. The patch that they released yesterday to fix the latest vulnerability still has security issues.

Here's an article from last year about the problems with Java that led to 670,000 Macs getting infected. Here's an article from 2011 that shows that Java is the #1 infection vector for Windows machines, responsible for 37% of infections, with Acrobat Reader at 32%. I saw something recently that said that Kaspersky Lab now says that Java is responsible for 50% of infections, and Acrobat 28% (attacks specifically against IE or Windows account for only 3%).

Java has long-term problems, and Oracle seems to be reactive, not proactive, about addressing those problems. Some people suggest Java should be completely rewritten. For my part, I have neither Java nor Acrobat installed on any computer I use and just because of that I'm protected from the vast majority of potential infections.

So yeah, I don't like what Oracle has done with Java. SUN didn't do an awesome job with it either, but Oracle looks like it has zero interest in addressing the issues in Java until they become major headlines.
justsomeguy Posted January 14, 2013
The way I look at it is that I can choose to have Java installed (and by default it installs and enables all browser plugins), and be a part of this, or I can just get rid of Java entirely until I come across some reason why I might need it. I've had to use some of the online meeting sites where I install Java, do the meeting, and uninstall after I'm done. At least the uninstaller works well.
davej (Author) Posted January 14, 2013
I think it is dismaying that OpenSource projects can end up being owned by a company that has no motivation to preserve them and actually may have purchased them for the purpose of destroying them.
justsomeguy Posted January 14, 2013
Oracle bought MySQL, which happens to be the #1 open source competitor to their own (highly expensive) Oracle database product.
justsomeguy Posted January 14, 2013
Here's another article about Java: http://www.networkwo...ake-2-years-fix

HD Moore, chief security officer of Rapid7, said it could take two years for Oracle to fix all the security flaws in the version of Java used to surf the web; that timeframe doesn't count any additional Java exploits discovered in the future. "The safest thing to do at this point is just assume that Java is always going to be vulnerable," Moore said. "Folks don't really need Java on their desktop."

And from http://www.chicagotribune.com/business/technology/chi-java-update-oracle-updates-java-security-experts-say-bugs-remain-20130114,0,7822126.story :

Java is so widely used that the software has become a prime target for hackers. Last year, Java surpassed Adobe Systems Inc's Reader software as the most frequently attacked piece of software, according to security software maker Kaspersky Lab.

Java was responsible for 50 percent of all cyberattacks last year in which hackers broke into computers by exploiting software bugs, according to Kaspersky. That was followed by Adobe Reader, which was involved in 28 percent of all incidents. Microsoft Windows and Internet Explorer were involved in about 3 percent of incidents, according to the survey.
Don E Posted January 14, 2013
JSG, would it be sufficient enough to disable the Java plugins in our browsers?
justsomeguy Posted January 14, 2013
I'm not a security expert, but I would think that would stop the drive-by download attacks.