Computer Users Should Disable Java 7 Owing To Security Flaw, Experts Say | WAMU 88.5 - American University Radio

NPR : News

Filed Under:

Computer Users Should Disable Java 7 Owing To Security Flaw, Experts Say

Millions of computer users who run the most recent versions of Oracle's Java software should disable the product owing to security flaws, says the cybersecurity section of the Department of Homeland Security. The agency says, "Web browsers using the Java 7 plug-in are at high risk."

For our Newscast desk, Steve Henn filed a report from Silicon Valley in which he says that "in the last few months security researchers have discovered a series of bugs that can allow bad actors to take over machines that are running Java in a Web browser and steal your identity."

Those bugs can be exploited to allow hackers' programs to give themselves full security privileges, according to a "vulnerability note" posted by Carnegie Mellon University's CERT computer security site.

"Oracle Java 7 update 10 and earlier are affected," the notice says. It adds that the only known solution is to "disable Java in web browsers."

It seems that security experts began to highlight the vulnerability this week, after it began to be used in software kits that are sold to hackers. The Malware don't need Coffee site seems to have been among the first to report it.

"This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits," the U.S. Computer Emergency Readiness Team wrote in its vulnerability note. "Exploit code for this vulnerability is also publicly available."

Brian Krebs, who blogs about computer security, writes, "The hackers who maintain Blackhole and Nuclear Pack — competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they've added a brand new exploit" that attacks the security flaw.

Anyone wanting to know how to disable Java can check out Oracle's explanation of the process. It has become easier to disable Java in its most recently updated version.

For those wondering how they can get by without software that has become ubiquitous, Krebs says, "I haven't had Java plugged into any of the browsers I use for surfing the Web for the past two years, and I haven't missed it once."

He adds that another option would be to consider employing extensions such as Noscript (for Firefox) or Notscripts (for Chrome), to control what plug-ins and scripts can do.

Our colleagues at KQED are also monitoring this story; we'll add updates as they come in.

Copyright 2013 National Public Radio. To see more, visit http://www.npr.org/.

WAMU 88.5

Second Annual Funk Parade To Take Over U Street

This weekend you can get funky on U Street with live music, a street festival and a parade, as tomorrow marks the second Funk Parade. Funk Parade organizers couldn't get a permit to march down U Street last year, but the crowd veered off V Street anyway to where co-founder Justin Rood always...
NPR

How Dangerous Is Powdered Alcohol?

Last month, the U.S. Alcohol and Tobacco Tax and Trade Bureau approved a powdered alcohol product, making both parents and lawmakers nervous. Some states have already banned powdered alcohol. NPR's Arun Rath speaks with Brent Roth of Wired, who made his own powdered concoction and put it to the test.
NPR

Obama Administration Forced To Defend Strategy Against ISIS In Iraq

On this Memorial Day, the Obama administration finds itself defending its foreign policy strategy in Iraq where the self-proclaimed Islamic State, also known as ISIS, has captured the city of Ramadi.
NPR

In California, Technology Makes "Droughtshaming" Easier Than Ever

As California's drought continues, social media and smart phone apps let just about anyone call out water waste, often very publicly.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.