A lot of readers read my post about the Java security issue and the update released by Oracle Corp., but many have contacted me asking whether Java is safe to use given the FBI warning about its vulnerability.
Is Java safe? Most readers have this question today. I searched the web for a good answer, as I can't give my readers false guidance.
It has been a week since Oracle's Java software was discovered to have a severe vulnerability, which led Oracle to release a quick-fix patch. Readers can download the patch here. However, on Wednesday Brian Krebs, a security analyst, released a report which says that there is a further chance this vulnerability can be used to hack computers through Java. Readers can read the report here. In this report Krebs said that the Java loophole was being offered for sale on the Underweb for as much as $5000.00 per user. I had reported that this very loophole was being sold for $1500.00 each. Read the article here.
Krebs has reported the following post on the Underweb forum.
“New Java 0day, selling to 2 people, 5k$ per person
And you thought Java had epically failed when the last 0day came out. I lol’d. The best part is even-though java has failed once again and let users get compromised… guess what? I think you know what I’m going to say… there is yet another vulnerability in the latest version of java 7. I will not go into any details except with seriously interested buyers.
Code will be sold twice (it has been sold once already). It is not present in any known exploit pack including that very private version of [Blackhole] going for 10$k/month. I will accepting counter bids if you wish to outbid the competition. What you get? Unencrypted source files to the exploit (so you can have recrypted as necessary, I would warn you to be cautious who you allow to encrypt… they might try to steal a copy) Encrypted, weaponized version, simply modify the url in the php page that calls up the jar to your own executable url and you are set. You may pm me.”
However, Krebs failed to explain what 0day.
So my advice to readers is to disable Java for some more time, until Oracle Corp. gives out a proper and firm update or fix for this 0day bug. Until then you can use other interactive programs and plugins like Google Docs, Flickr etc. You can use Microsoft's outlook.com for email.
To disable Java, go to your Control Panel, open 'Security' or 'Java', and uncheck the box called 'Enable Java content in the browser'.
Read more about it here. Some programs like Minecraft and TiVo will not work, but it's better to be secure than sorry.
Hope it answers the readers' questions to some extent. Post your suggestions in the comment box so you can help others.
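Whether the checkbox is really unchecked can also be verified from the file where the Java Control Panel saves its settings. The Python check below is an added example, not part of the original post; it assumes the setting is stored as the deployment.webjava.enabled key in the user's deployment.properties file (per Oracle's deployment documentation), and the sample file contents are constructed.

```python
import re

# Constructed sample of a per-user deployment.properties file (not real data).
SAMPLE = r"""#deployment.properties
#Mon Jan 21 10:15:00 2013
deployment.version=7.0
deployment.webjava.enabled = false
deployment.security.level=HIGH
deployment.user.cachedir=C\:\\Users\\alice\\cache
! comment lines may also start with an exclamation mark
"""

# A key ends at the first '=' or ':' that is not escaped with a backslash.
_SEPARATOR = re.compile(r"(?<!\\)[=:]")


def _unescape(text):
    """Undo simple backslash escapes such as '\\:' and '\\\\' (subset of the format)."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_properties(text):
    """Parse key/value lines of a .properties file, skipping '#' and '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        parts = _SEPARATOR.split(line, maxsplit=1)
        key = _unescape(parts[0].strip())
        value = _unescape(parts[1].strip()) if len(parts) > 1 else ""
        props[key] = value
    return props


def web_java_status(text):
    """Return 'disabled' only when Java content in the browser is switched off."""
    props = parse_properties(text)
    # Assumption: a missing key means the default, which is enabled.
    value = props.get("deployment.webjava.enabled", "true").lower()
    return "disabled" if value == "false" else "enabled"


if __name__ == "__main__":
    print("Java content in the browser:", web_java_status(SAMPLE))
```

A commented-out or missing key is reported as enabled, so a machine where the box was never touched is not mistaken for a protected one.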
Vijay Prabhu
works great
Liked your blog, very well-written and interesting too.
Helpful.
Thanks, those who have not disabled Java please do it now, it's getting more and more worse