Java

[MichaelWeston]

govt told me not to use it. Can I use it yet?

[|Numbers|]

[quote name='MichaelWeston' timestamp='1360333662' post='1213512']
govt told me not to use it. Can I use it yet?
[/quote]

If they told you not to use it, am I assuming you are not the one performing updates ? The answer is not definite because updates, restriction, and or disabling are required before using.

According to CERT the solutions are as follows;

[url="http://www.kb.cert.org/vuls/id/858729"]http://www.kb.cert.org/vuls/id/858729[/url]

Solution

Apply an update
These issues are addressed in Java 7 Update 13 and Java 6 Update 39. Please see the Oracle Java SE Critical Patch Update Advisory - February 2013 for more details.

Disable Java in web browsers
Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. Please see the Java documentation for more details.
System administrators wishing to deploy Java 7 Update 10 or later with the "Enable Java content in the browser" feature disabled can invoke the Java installer with the WEB_JAVA=0 command-line option. More details are available in the Java documentation.

Restrict access to Java applets
Network administrators unable to disable Java in web browsers may be able to help mitigate this and other Java vulnerabilities by restricting access to Java applets. This may be accomplished by using proxy server rules, for example. Blocking or whitelisting web requests to .jar and .class files can help to prevent Java from being used by untrusted sources. Filtering requests that contain a Java User-Agent header may also be effective. For example, this technique can be used in environments where Java is required on the local intranet. The proxy can be configured to allow Java requests locally, but block them when the destination is a site on the internet.

[|Numbers|]

[url="http://www.us-cert.gov/cas/techalerts/TA13-032A.html"]http://www.us-cert.gov/cas/techalerts/TA13-032A.html[/url]

Systems Affected

Any system using Oracle Java including
•JDK and JRE 7 Update 11 and earlier
•JDK and JRE 6 Update 38 and earlier
•JDK and JRE 5.0 Update 38 and earlier
•SDK and JRE 1.4.2_40 and earlier
•JavaFX 2.2.4 and earlier
•Java 1.6.0_37 and earlier for Mac OS X and OS X Server 10.6.8
Web browsers using the Java plug-in are at high risk

[|Elflocko|]

My advice is if you don't absolutely need it, uninstall it completely. If you do have to use it (as I do for work), then update it whenever it's available and check for a new version every day...

[MichaelWeston]

The government told everyone to turn it off.

Thanks for the help guys.

[|Elflocko|]

[url="http://www.idgconnect.com/blog-abstract/742/rob-cheng-global-malware-storm"]This article[/url] articulates the issue well; the big problem now is that the worms and viruses have become polymorphic...

[Tigris]

I was reading about the creator of Java. Sounds like he got hosed.

Anyone know the short version story of this?

[|Elflocko|]

And again.

 

I can't help but believe that the hackers wouldn't be exploiting Java this earnestly if not for it being owned by Darth Ellison...