| Summary: After a security fix to patch Java 7 from a massive security vulnerability, the U.S. Department of Homeland Security has reiterated its warning that Java still poses risks. The U.S. Department of Homeland Security has reiterated its warning to Java users that the widely used Web plug-in still poses risks for Internet users, even after Oracle patched the software to prevent hackers from exploiting a zero-day vulnerability. Read this How to disable Java in your browser on Windows, Mac Amid a serious security flaw in the latest version of Java 7, where even the U.S. Department of Homeland Security has warned users to disable the plug-in, here's how you do it. It comes as some security experts are warning that the new software -- Java 7 (Update 11), which was released on Sunday -- may not actually protect against hackers attempting to remotely execute code on user machines. This code, security experts warn, could be used to acquire personal information and steal identities, or subscribe machines to 'botnets,' which can then be used to hit networks and Web sites with denial-of-service attacks. Homeland Security said in an updated note that it is reiterating its advice it gave last week, in spite of Oracle updating the Java software to include a security fix that would prevent machines from being attacked by hackers. The said: "Unless it is absolutely necessary to run Java in Web browsers, disable it [...] even after updating to [Update 11]." Homeland Security warned on Friday that Internet users should disable the Web plug-in as soon as possible, to prevent being attacked by hackers or malware. While it's not uncommon for a government department to notify users of threats, advising users to actively disable or uninstall software is rare. Java is used in more than 850 million PCs and Macs, along with billions of devices around the world, including cars, Blu-ray players, and mobile devices. The reason why the U.S. government stepped in, along with security experts and anti-malware companies, to warn users is because the zero-day vulnerability was being exploited in the wild by hackers and malware writers. Experts and researchers have warned that fixing the zero-day exploit "could take two years." Rapid7 chief security officer HD Moore told the Reuters news agency that it could take this long for Oracle to fix the flaws found in Java -- not including any further exploits or vulnerabilities that are found in the meantime. "The safest thing to do at this point is just assume that Java is always going to be vulnerable. Folks don't really need Java on their desktop," he said. We have reached out to Oracle for comment, but did not hear back at the time of writing. If we get a reply, we'll update the post.  via Technology - Google News http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNGJYlBQDbz80-cTcqM8hqL8Mm6T0A&url=http://www.zdnet.com/homeland-security-warns-java-still-poses-risks-after-security-fix-7000009785/ | |||
| | |||
| | |||
|
Homeland Security warns Java still poses risks after security fix - ZDNet
Related Posts:
Micromax Canvas Knight launched: Octa-core flagship boasts 16MP camera ... - Firstpost- Moto G: 5 things to know before you buy it - Financial Express
- Micromax Canvas Knight will be priced at Rs 19999 - Indian Express
- The Xperia E1 Dual will sell for Rs 10490, while the single SIM version will have ... - Indian Express
- Yahoo! blocks! Google! and ! Facebook! from! grabbing! ID! goodies! - Register
0 comments:
Post a Comment