Computer Security Experts: Disable Java Unless You Know You Need It
By Art Gallagher
Oracle released a fix to the Java vulnerability we reported last night. The company said another update is due out “soon.” You can access the fix here.
Or, you can do what multiple computer security experts are suggesting and disable or uninstall Java unless you know you need it.
MoreMonmouthMusings is not a tech site and doesn’t pretend to be. If you want more technical information, we recommend:
ZDNet: Security experts on Java: Fixing zero-day exploit could take ‘two years’
Technical comments from anonymous sources are not welcome on this post. If you are a known commenter with a valid email address, your contributions are welcome. If you are a new commenter who wants to contribute technical information, your comment will be moderated until your identity is verified.
Reports are bubbling up from security experts indicating that the newly released emergency patch doesn’t go far enough. Well, who didn’t see THAT coming?? Java is the gift that just keeps on giving…
http://www.foxnews.com/tech/2013/01/14/java-flaw-homeland-security-warning-fixed/
Best advice: do your research and make an informed choice. I’m not jumping on this emergency patch just yet. Java will remain uninstalled from my operating system for now.
Homeland Security warns Java still poses risks after emergency security fix:
Apparently, Homeland Security (US-CERT) doesn’t feel it’s safe to go back into the water yet.
The revised DHS warning, including statement on the Java emergency patch:
http://www.kb.cert.org/vuls/id/625617
“Solution:
Update to Java 7u11”
“Oracle Security Alert CVE-2013-0422 states that Java 7 Update 11 addresses this (CVE-2013-0422) and an equally severe vulnerability (CVE-2012-3174). Immunity has indicated that only the reflection vulnerability has been fixed. Java 7u11 sets the default Java security settings to “High” so that users will be prompted before running unsigned or self-signed Java applets.”
“Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future.”
Also see http://www.zdnet.com/homeland-security-warns-java-still-poses-risks-after-security-fix-7000009785/