Security Alert: Emergency turn-off of web Java now mandatory
Written by Harris Georgiou
Monday, 28 January 2013 00:00
I normally do not put emergency security alerts in these pages, but due to the severity of this event, I thought that everyone should be warned as soon as possible:

"Oracle releases emergency Java patch; experts warn flaws may take 2 years to fix" (networkworld.com)

Unfortunately, it seems that the worst fears about Java’s severe security holes have now come true. Since the exploits are already included in various publicly available exploit kits (e.g. “Blackhole”) and the problems cannot be fully addressed for the next 12-24 months, the best options right now are, from most drastic (and secure) to the mildest (and more dangerous):
The last option relies only on the fact that the latest patch (7u11) from Oracle sets the default security level to "high", so every Java applet will trigger a dialog prompt for the user before it is executed. Keep in mind, though, that this is the most dangerous option, since it takes one single successful attack to breach local security and enable full remote access to the device (not just infect it with some virus or spyware).

Status update (1-Feb-2013): "Oracle Responds to Java Security Flaws with 50 Fixes" (new version: "7u13")

Status update (2-Mar-2013): "New Java 0-Day Vulnerability Being Exploited In the Wild" (latest versions: "6u41/7u15")

Last Updated on Sunday, 24 March 2013 17:10