DHS advises disabling java to avoid major hacks

The U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks.
The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts.

Experts believe hackers have found a flaw in Java's coding that creates an opening for criminal activity and other high-tech mischief.

 

I've used the "No-Script" add-on with my Firefox browser for ages, and highly recommend it. This add-on disables all Java scripts by default. When you visit a website for the first time, you selectively enable all useful Java providers -- and you only have to do it once. If you're not sure about any Java content, you can first check its ratings and other users' experiences. Most internet nuisances are written in Java, so this add-on has been a real blessing.

 

This is a report about Java, not JavaScript. They are different things.

And I am saddened to see that CERT is now part of DHS.

 

Indeed. However noscript also disables java.

 

I would think this would prompt a very rapid Java update.

 

Yeah, this is about Java CONSOLE not the javascript, which one can stop/block in various ways if necessary, but I don't believe that is where the security hole is.

Oracle has already said they would fix this very quickly, but the reality is that we probably won't have a Java in a few years. There are enough alternative local app/web app environments that we can do without. But, at the moment, companies like logmein and gotomeeting are in a pinch. I wonder how it is affecting them.

 

I went scrambling to disable Java on my 3-month fresh install on my home computer and... apparently I've done just fine without ever installing Java on my computer. So as far as my home usage goes, apparently Java is no longer needed already!

My work computer still requires it for some of the internal systems, let's see how our IS guys react to this.

 

Java update has just been released.
http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html

 

So does turning off the computer.

Just pointing out that the suggestion there was FAR more than what is actually required to address the situation and might have more significant effects than addressing the offending software.

 

I use noscript all the time, and the original advisory had a link to noscript too. Sounds like a good idea to me and has the nice side-effect of blocking about 98% of ads

 

Same here

 

Career path for blue shirts?

 

Meanwhile, our IS department notified us neither about the issue nor about the fix. All is well

 

I'll drop my resume in the mail to them.

 

An update has been posted to fix the problem.

 

But as stated, it also disables Java Script, which pretty much disables the web these days. Just uninstall your Java plugin and you're set.

 

Consider the source. This is coming from the same agency that talked about plastic sheeting and duct tape to save us from nuclear attack.