Computer warning

[begreen]

Well, this is unusual. Homeland Security has warned for the first time I can recall about a serious issue with Java. It is recommending that Java be disabled immediately. This could mean some serious dysfunction for some folks. I am turning it off now and will do some exploring and tests to see how it affects my daily activities.

http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-7000009713/
(broken link removed to http://www.us-cert.gov/current/#us_cert_releases_oracle_java)

 

[velvetfoot]

Quick, how do you disable Java.
Nevermind. Apparently wasn't installed.

 

[begreen]

That will depend on which browser(s) and platform(s) one is using. Here are instructions:
http://www.java.com/en/download/help/disable_browser.xml

 

[velvetfoot]

Here is a link to test for Java:
http://java.com/en/download/testjava.jsp

 

[firebroad]

Thanks, Begreen & Velvetfoot! Seems I don't have Java, but I sure appreciate the heads up, since I just got internet at home for the first time (even if it has to be dial-up)!

 

[begreen]

FYI Expect some dysfunction after turning java off. You may not be able to use or go to commonly used sites, like online banking, depending on how they are setup and your browser.

"The warning was posted by the Department of Homeland Security’s Emergency Readiness Team, which issued Vulnerability Note VU#625617 to address the issue. Says the advisory, “Due to the number and severity of this and prior Java vulnerabilities, it is recommended that Java be disabled temporarily in web browsers as described in the “Solution” section of the US-CERT Alert and in the Oracle Technical Note ‘Setting the Security Level of the Java Client.’”
Using the vulnerability in Java, individuals with malicious intent can exploit the weakness to infect the machine. Ready-made exploit kits are available for sale online that take advantage of the issue, making it a fairly simple task for anyone to perform. With the kits, randsomeware can be placed on machines and identities can be stolen, among other things.

"Oracle has stated that it will release a patch for the issue on January 15 that will fix 86 security vulnerabilities. The company is requesting that users update Java as soon as the possible after the patch is released. In response to the advisory from the Department of Homeland Security, Mozilla announced that newer Java plug-ins on Firefox are now blocked from auto-loading unless the user manually authorizes it.""

http://www.slashgear.com/users-advised-to-disable-java-due-to-security-weakness-11265030/

 

[seige101]

FireFox+ No script, no worries

 

[BrotherBart]

In Firefox do you have the edit bar with the smilies and stuff in the reply box with Javascript turned off?

 

[begreen]

Working for me. with Java off in SeaMonkey 2.15.

 

[BrotherBart]

You you still have the JVM on that machine BG?

 

[begreen]

Good point, thanks. It's located in another advanced option. I disabled it and now the reply options are gone. Looks like I am going to be using the iPad a little more.

 

[velvetfoot]

Looks like I am going to be using the iPad a little more.

Why?

 

[Boog]

Serious security hole was found. I did more than disable it, I uninstalled it for now to see how its absence affects me. Already I am seeing a big increase in speed on this machine, I forgot how fast it used to boot up and be net ready! Not really sure if Java was slowing it down that much since I've got a pretty powerful machine, but I am seeing a difference. I was running the 64 bit version.

 

[BrotherBart]

Why?

No Java on i thingies.

Mac OS is a different story.

 

[velvetfoot]

No Java on i thingies.

Mac OS is a different story.

Got it, so how does it render the editing thingies without Java?

 

[BrotherBart]

I just checked. The source code for this page is 3796 lines. I will let you crawl through it to find out.

 

[begreen]

This flaw is not new. Apple finally said enough and started disabling java in their updater last year. This site works fine on my Mac, so there is an alternative method.