Don’t Use Java for Another 2 YearsAdded: Wednesday, January 30th, 2013
Category: Bit Torrent Freedom > The Industries Of Records, Gaming, Software, Movies
Tags:ET, p2p, Torrent, Piracy, Peer To Peer, Network, Hackers, Internet, BitTorrent, Google, utorrent, bitcomet, extratorrent, 2010, www.extratorrent.com
Oracle has just released an emergency update to its Java, which was intended to fix major security vulnerability in the software. However, security experts warn that the released update isn’t effective and Oracle shouldn’t have bothered.
The update was released after the Department of Homeland Security urged users all over the country to disable Java due to presence of bugs in the software. US Homeland Security warned that Java was being used to commit identity theft.
According to Adam Gowdiak, a Polish researcher from Security Explorations, who has found a number of bugs in the software over 2011, the latest update from the company still leaves a few important security vulnerabilities unfixed, so he wouldn’t recommend users to enable Java again.
The fact that Oracle isn’t able to fix the software means that computers running Java in their web browsers are still vulnerable to attack by anyone seeking to steal personal details and use them later in scams. Moreover, the scale has already reached the point where the largest security outfits recommend companies to remove Java from the web browsers of all employees, except for those who can’t go without it.
It seems that things might get even worse. For instance, HD Moore, chief security officer with Rapid7, believes that it will take Oracle no less than 2 years to fix all the security flaws for the version of Java used for surfing the Internet. He pointed out that it might be better to assume that Java would always remain vulnerable, but people anyway don’t actually need it.
In response, Oracle claimed that its latest update fixed 2 bugs in the version of Java 7 for Internet browsers. In addition, it switched Java’s security settings to “high” by default, thus making it more difficult for suspicious software to run on a computer without the knowledge of the user.
January 30th,2013Posted by:
Wednesday, January 30th, 2013
|Thanxx 4r this Article|
so the bottom line is to disable JAVA in browsers right
|well i use vuze so i have java but i have no personal info on this computer so if it got hacked they wouldn't get nothing but a torrent.|
|posted by (2013-01-30 13:01:30)|
|If you disable java on your browser; and how do you do that; won t the browser run awful don t browsers need java to run ? ?|
|I disable java to be able to save pics from IMDB, however, if I don't re-enable it afterwards...surfing grinds to a halt. I would love to be able to give it the flick permanently. If for no other reason than its pervasive update checks whenever it feels like. I am not concerned about identity theft. I am always walking away from credit card debt. After 5 years you get a clean slate again anyway. Plus I have a criminal history. If they run a background check it lights up like a Xmas tree! Please steal my id. In fact I am happy to swap!!|
|#3 things not like that. If u have java installed and disable it in your brwoser|
that doesnt mean you are safe.
Currently, the Java installer for Windows includes an offer for the Ask.com browser toolbar. Unless users explicitly uncheck a box on the Java installation screen -- in other words, opt out -- the toolbar automatically downloads and installs, and the browser's default search engine changes to Ask.com.
That raised the ire of long-time Windows blogger Ed Bott of ZDNet, and also got the attention of Ben Edelman, an associate professor at Harvard and expert on adware, online fraud and Internet privacy.
In pieces published Jan. 22, both Bott and Edelman took aim at Oracle for bundling the Ask.com toolbar with Java.
Bott found that the Ask.com toolbar was not immediately installed, but waited 10 minutes after Java finished to kick in. "I've never seen a legitimate program with an installer that behaves this way," said Bott, who speculated that the technique was an attempt to hide the toolbar's installation from technically-astute users
Edelman was also caustic in his criticism of Oracle and the Ask.com toolbar installation, deeming the latter deceptive. Even worse, Edelman said, was that the offer was included with critical Java updates that patched recent "zero-day" vulnerabilities being exploited by criminals.
"The Java update is only needed as a result of a serious security flaw in Java," said Edelman. "It is troubling to see Oracle profit from this security flaw by using a security update as an opportunity to push users to install extra advertising software."
By bundling adware with its security updates, Oracle is teaching users to distrust its patching process, Edelman added
Not sure what you're trying to say there. With regard to the toolbar addon -I just opt out of that- simples!
With regard to the Java vulnerability issues- this is worrying!
|You don't really need Java to browse the internet. I've had it disabled since the first warning about the security threat being exposed a few weeks ago and haven't noticed a difference in regular browsing. Most of the pretty, catchy, fancy stuff and all of the video streams use Flash anyway.|
|What about NoScript, flick it on, flick it off. It's amzing how many scripts really don't need to run for a website to function and how many scripts try to run for no other purpose than to get info. Ghostery isn't bad either and the Adblock suite is also a must have.|
|posted by (2013-01-30 23:43:57)|
|Never installed Java to begin with. I get sick of the updates not installing properly in the first place.|
|posted by (2013-01-30 23:49:58)|
|Taken off another site ...|
" Many users require Java for specific applications, therefore we are providing both removal instructions as well as the ability to disable Java.
For users who primarily surf using Chrome it is handy to disable Java, but allow it to work in another browser for the rare application that requires Java.
Java 7 update 10 introduced a useful security control that allowed the web browser plugin to be disabled entirely."
Chrome disable instructions
Open Chrome and type chrome://plugins into the location bar.
Click Disable underneath the Java plugin.
|I use 'openJDK Java 7' on Linux|
for networking computers in the house
and to use phones as remotes.
I guess openJKD is safer...
|since the flaw lies in the package by oracle and its adware why not use Sun java,obviously an American foible that because one company distributes a dodgy java package all java is suspect,which is not the case and java applications offer better security in most cases so by disabling it certain sites won`t run in your browser as well as online games etc.ZombieTux open JDK (java development Kit)is open source version of java and not windows based which is where the vulnerability is targeted one would imagine,personally I use a dual boot with xp and fedora and only use windoze for the odd bit of gaming so primarily using Linux for everything else and never allow ask toolbar or any others that packages try to download on me so try robbing my identity and all you will get is blanked,open source anything is always going to be better than franchised packages most notably for windows o/s as all open source is spyware/adware/malware free.|
|Unlike windows packages (cough) ^-^|
|posted by (2013-01-31 04:20:04)|
|hum using win 7 and i.e. 9.0 so what now ? awww only using sun java here so all is ok ? ?|
|i m not user for java ...Thanks for info SaM|
|@Rockman, Use Linux and have fun with an OS, I like Linux Mint 14: you could use VirtualBox to play around if you like it get rid of Windows7 and install it as the main OS or set up a dual-boot system.|
or Hackintosh your PC like I have.. iATKOS ML2
|HOW TO OPERATE BANK ACCOUNTS WITHOUT JAVA???|
IT IS MUST IN INDIA TO OPERATE BANK ACCOUNT
|posted by (2013-01-31 11:44:37)|
|Never heard of or used Linox or Virtualbox or setup a dual-boot system so why do all this ?|
guess i ll stick with win 7 and i.e. 9.0 and sun java; seeing how no has explained what this stuff is; how to find this stuff; how to use etc . .
|So why every single day for the last week does it ask me to update it? If I say yes it comes back saying that I am already running the latest version, and if I say no it just keeps asking every time I boot up my computer. Frustrating as all heck. I am seriously thinking of dumping it altogether.|
|posted by (2013-01-31 13:55:22)|
|Everyone should switch to a MAC as soon as possible(Unless you need a PC for Coding etc., or are using LINUX which from what I hear is 10thousands times better than windows when it comes to security & stability)... And for those of you who are about to trash talk APPLE MAC, before you do, go outside and check your mailbox first for that check from Microsoft Inc.. Oh! no check in there??? Then stop kissing Windows A** for free and just switch to a MAC. To everyone else, thanks for the info here, real good stuff.|
|I forget to use Windows OS. 95 % Computing can be done nicely and without virus,trojan horse and security threats. I am using Mandriva 2011 and Fedora 14. Please stop using windows and go for Linux|
|Just block all scripts, that way you won't have to deal with all them stupid adds neither.|
Except of course for them kittyrubbing gif chicks groping themselves any time you try n download a torrent from extra
|posted by (2013-01-31 21:38:08)|
|24 ) vilas2006 - Ok what is Mandriva 2 and Fedora 14 and Linux never heard of them and never used them ! ?|
|First off, the risk is NOT as high as people are hyping about. I have antivirus, and 3 or 4 programs to remove and shred junk data/malware/spyware, ect. Second, you DO need Java in order to stream most videos off the Internet. Ever been on YouTube and it says, "Java was not found on your computer, it can be installed here", or something like that? I've never had a problem with it. Antivirus, firewall and the 3-4 programs have left me without ANY type of malware or viruses. Been this way for 2 years now without any problems whatsoever. It's not necessarily Java it's self, it is more like who is in front of the computer, and whether or not they are intellegent enough to know how to prevent from getting infected.|
|posted by (2013-02-01 14:04:34)|
|sounds bad but agree with #28 comes down to the user to control..i guess there is plenty of software to detect this stuff..in my opinion the same applies to parental controls..here in the uk they keep campaigning to get your ISP to block adult material etc unless you ring them and say i love watching porn unblock it ha..carnt see it being enforced myself but its getting worse|
|posted by (2013-02-02 21:52:54)|
|4 W8 PRO MICROSOFT DON'T GIVE UPDATES 4 JAVA BUT IF YOU DON'T WANT FLASH PROBLEMS|
MAYBE JAVA CAN HELP IN THAT WAY U CAN SEE ICONS & VIDEOS UNDER JAVA IN SOME WEB SITES AND EMAILS AND IF YOU HEAR SOME OS'S HACK 4 SEE YOUR SEARCH IN SIDE YOUR SCREEN FOR LIKE ALL MAYBE STATISTICS MONITORING IF CAN BE SUPPORT IT 4 FIX. I USE DEFENDER 4 NOW BECAUSE OTHER GREAT ANTIVIRUS SLOW AND CHANGE IT OWN SOME IP ADDRESS FOR SECURITY FROM MAYBE FAR COUNTRY FOR END COMMENT.
|Yeah, you can disable Java, but wouldn't it get to be a pain doing the enabling/disabling dance every time you go to a different website. Then there is Adobe Flash, it eats up processor and memory like a bandit. What about HTML 5, is there any holes/danger in that. If not, when are websites going to convert?|
|I'm wit ya #28, ya took tha words out my mouth .....|
|posted by (2013-02-03 12:34:17)|
|posted by (2013-02-03 20:28:36)|
|Thank you for explaining that to people d44v10u5. You saved me the trouble of doing it myself. |
People should install Sun Java only if they explicitly need it for banking or whatever.
|posted by (2013-02-03 23:15:07)|
|Anon5150, Did you get a check from Mac? You will need it as Mac products cost twice as their competitors, and are designed to be obsolete or dead in 13 months. Why do you think they changed the jacks on the latest IPhones? To force mac owners to spend more $$$. I have many friends who used to love Mac now seeing the light, if you watch the press you will see they are also turning away from Mac. Macs are hard to interface with the rest of the world and often with other mac OS versions. Macs were made to be easy when the DOS Prompt was still a staple, it's not anymore and the need for Macs has faded. I just spent $80 on an android based phone, it does everything an Iphone does. A comparable mac product is $400. I must admit Mac does have the best packaging in the business, if it's important to you to have your packaging designed in San Francisco you better stick with Mac, if performance, value and long life matter go with ANYTHING else!!||
Most Popular Stories