Skip to main content

This is a follow-up to my diary on Friday, January 11.

Over the weekend Oracle, the company that distributes and maintains Java, released a patch to fix the Java vulnerability that was reported last week.  The update to Java is called "Java 7 (Update 11)".  Oracle's release statement for the update can be found here.

As of today, the Department of Homeland Security is still recommending that Java not be enabled in our browsers:

The U.S. Department of Homeland Security has reiterated its warning to Java users that the widely used Web plug-in still poses risks for Internet users, even after Oracle patched the software to prevent hackers from exploiting a zero-day vulnerability.

It comes as some security experts are warning that the new software -- Java 7 (Update 11), which was released on Sunday -- may not actually protect against hackers attempting to remotely execute code on user machines.

In a statement to CBS, a Java security expert at Security Explorations says:
Although Java 7 Update 11 released by Oracle yesterday addresses the 0-day attack spotted in the wild, there are still unpatched security vulnerabilities that affect the most recent version of the software. Just to mention the bug #50 we reported to Oracle on 25-Sep-2012.
The latest status on the Java issue from CERT can be found here.  It contains the warning:
Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future.
In my last diary on this subject, there were a lot of excellent suggestions relating to browsers and plug-ins which may help mitigate this kind of attack.  Firefox with the NoScript plugin and Chrome with the NotScript plugin were recommended.  Maybe the more technical among us can assist those with less technical knowledge in assessing which of these options may be best for them, and how to make sure they are browsing safely.

Regardless of the browser you are using now, your system is at risk whether you are on a Windows, Mac, or Linux computer and the Java Plug-in is enabled in that browser (or email client if it supports a Java Plug-in like Thunderbird).  Instructions on disabling Java can be found at this link.

EMAIL TO A FRIEND X
Your Email has been sent.
You must add at least one tag to this diary before publishing it.

Add keywords that describe this diary. Separate multiple keywords with commas.
Tagging tips - Search For Tags - Browse For Tags

?

More Tagging tips:

A tag is a way to search for this diary. If someone is searching for "Barack Obama," is this a diary they'd be trying to find?

Use a person's full name, without any title. Senator Obama may become President Obama, and Michelle Obama might run for office.

If your diary covers an election or elected official, use election tags, which are generally the state abbreviation followed by the office. CA-01 is the first district House seat. CA-Sen covers both senate races. NY-GOV covers the New York governor's race.

Tags do not compound: that is, "education reform" is a completely different tag from "education". A tag like "reform" alone is probably not meaningful.

Consider if one or more of these tags fits your diary: Civil Rights, Community, Congress, Culture, Economy, Education, Elections, Energy, Environment, Health Care, International, Labor, Law, Media, Meta, National Security, Science, Transportation, or White House. If your diary is specific to a state, consider adding the state (California, Texas, etc). Keep in mind, though, that there are many wonderful and important diaries that don't fit in any of these tags. Don't worry if yours doesn't.

You can add a private note to this diary when hotlisting it:
Are you sure you want to remove this diary from your hotlist?
Are you sure you want to remove your recommendation? You can only recommend a diary once, so you will not be able to re-recommend it afterwards.
Rescue this diary, and add a note:
Are you sure you want to remove this diary from Rescue?
Choose where to republish this diary. The diary will be added to the queue for that group. Publish it from the queue to make it appear.

You must be a member of a group to use this feature.

Add a quick update to your diary without changing the diary itself:
Are you sure you want to remove this diary?
(The diary will be removed from the site and returned to your drafts for further editing.)
(The diary will be removed.)
Are you sure you want to save these changes to the published diary?

Comment Preferences

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site