Homeland Security says Java is good for hackers – what to do?
Java applet, demonstrating 2D FFT (Photo credit: Wikipedia)
Recently, the US homeland security group issued a warning about hacking and Java. An example article is found at How to disable Java following Homeland Security warning . This presents a problem for me. You see, applications like Libre Office and Open Office need Java. I decided to visit a couple of Java forums and pose a couple of questions. The article promised a fix by Oracle on Tuesday, January 15, 2013.
My Question
Now I used to program in Java, as well as other languages like C#, Perl and PHP. So here are my questions?
- Can someone tell me the technical problem here with Java?
- Why can’t Oracle, as well as the world wide Geeks in private enterprise, law enforcement and academia suggest a proper fix or resolution?
Let’s look at some answers
Answer 1
Yes a security vulnerability in Java 7 has been found. It isn’t the first and it won’t be the last. I will guarantee that Oracle (and probably the OpenJDK team) are working hard to fix it but I’m betting that nobody from Oracle will make a comment in this forum and only Oracle can suggest the real fix.
I find this fuss about a single Java vulnerability rather funny. Last time I checked, on my Wife’s computer running Windows 7 the virus checker was checking for about a million viruses which exploited thousands of vulnerabilities and she gets a couple of Windows security updates a week but has anyone suggested turning off all computers running Windows? A whole industry has grown up around handling Windows vulnerabilities.
Answer 2
English: Mandelbrot set viewer Java applet. Java applet to view Mandelbrot set, under GPL license, taken from http://www.its.caltech.edu/~dannyc/fractals/simple.html. Licensed under GPL as derived work Category:Java applets (Photo credit: Wikipedia)
Nobody here can answer for CERT with respect to the first question. Nor can we answer for Oracle and the unspecified geeks in the second. However there is some problem affecting Java applets running in web browsers, and google reveals the usual standard of journalism in the reporting of that. (It seems a general rule that with respect to anything technical, scientific and, most especially “security” related, that reporting should remain information free.)
There have been many of such vulnerabilities in the Windows operating system, in the Internet Explorer, in Firefox,…. that is live. I never heard the call to disable or deinstall Windows or Microsoft Internet Explorer because of that though. Strange, right?
Answer 3
It seems you should download and install the update. I haven’t read the page that closely so I’m not sure whether it fixes the fault or merely alerts you before applets run. So, to avoid “driveby” attacks, it might pay to be cautious about running Java applets if you are unsure about the applet or the site/page that hosts it.
I would still recommend against running Java applets or anything internet connected until there is further news about this. Obviously local Java development should not be a security issue (though I would try to not write programs which would connect to the interweb anytime soon).
Me:
Oracle released a version of Java on Monday, January 14, 2013. Hopefully, this solves the problem.
Forum answer:
Just read a BBC article Java still contains security flaws, experts claim about the issue, and it seems like there are still security issues with Java (even after the latest patch).
Me:
A couple good tips from Terry’s computer tips newsletter is this:
- Use a router, even if you just have one computer: How Does a Router Protect Me?
- Run either free or paid version of WinPatrol WinPatrol – for System Control and Protection
Academic and business blog posts
Here are some blog posts I recommend from academic and business acquaintances of mine.
Why so many blog posts about kids? Because we have too many US mass killing sprees. Perhaps some good articles on proper childhood care can cure this current and future trend?
- 20 blogs to read before going on vacation with kids
- Where to shop for plus-sized maternity clothes
- 10 must-have fashion accessories for 2013
- 10 pets not to get when you have kids
- How to evaluate your nanny
- 20 blogs presenting strange services for sale
- 10 ways to get your child to put down their cell phone
- Getting ready for the January hiring season
- How to avoid meltdowns in public
- How to organize your child’s closet
- 40 blogs featuring homeschooling tips
- Expert insights with Stevanne Auerbach, Dr. Toy
- How nannies and parents can prevent medication miscommunication
- How to decide between a tablet or laptop
- 10 ways to be a better parent in the new year
- 10 easy ways to make a hot breakfast for kids
- 30 blogs with ideas for making traveling with kids fun
- 10 iPhone apps that boost brain function
- How to get your tween to open up to you
- 3 creative ways to curb bad behavior
- 30 blogs that help parents develop and maintain a family routine
- 45 blogs that outline the best bible study tips
- 10 work at home jobs that aren’t a scam
- 30 blogs with tips on curbing bad behavior
- Interview with Mary Oscategui founder of the international maternity institute™
- 25 blogs with advice for homemakers
- 30 blogs for frugal moms
- 10 celebrities who have committed public parenting faux pas
- How to raise your child’s emotional IQ
- 10 ways nannies can organize a toddler’s toys
- How to help a child who is being bullied
- 5 gifts nannies can give employers for the holidays
- How to have more patience with your kids
- 5 things parents shouldn’t let their kids do
- 27 bloggers who track celebrity sightings
- 30 blogs with tips for getting good behavior from kids
- How to help kids stop stuttering
- 10 of the Best iPhone Calendar Apps
- Expert insights: Matthew Haack president of domestic estate managers association
- 6 ways to get your kids hooked on salad
- 10 iPhone apps for editing photos
- 5 creative ways to store girls hair stuff
- What not to say to children who hear about tragedies
- 5 great family activities
- 30 blogs for and against vaccinations
- 30 blogs on parenting girls
- 20 old-fashioned names that are now popular
Filed under: Technology | Tagged: Internet Explorer, Java, Java applet, LibreOffice, Oracle, Oracle Corporation, Stevanne Auerbach, United States Department of Homeland Security, Windows |
