From: shaun newman [mailto:firstname.lastname@example.org]
Sent: Sunday, 13 January 2013 10:18 AM
To: ‘Shane Crocker’
Subject: RE: How to turn off Java on your browser – and why you should do it NOW
Thanks Shane, I have deleted my Java and sent your message on to others
From: Shane Crocker [mailto:email@example.com]
Sent: Friday, 11 January 2013 7:27 PM
To: shaun newman; ‘DAVID ANTHONY’; firstname.lastname@example.org; ‘Jill Knight’; ‘Kiel Shuttleworth’; ‘Wendy Davie’; ‘John Holland’; ‘Jon Wren’; ‘David Cornwell’; ‘Alison Alloway’; email@example.com; firstname.lastname@example.org
Subject: How to turn off Java on your browser – and why you should do it NOW
As everybody knows I have zero tolerance of hoaxes. This time it is not a hoax.
How to disable Java
How to turn off Java on your browser – and why you should do it now
by Graham Cluley on August 30, 2012 |127 Comments
Filed Under: Featured, Java, Malware, Vulnerability
Do you still have Java turned on in your web browser?
If your answer is "Yes" or "I’m not sure" then it’s time to take action.
Right now, cybercriminals are aware and exploiting serious security flaws in Java that could lead to your computer becoming infected by malware.
And the worst news is that Oracle (who has known about the zero-day vulnerabilities since April) doesn’t plan to issue a patch for the problem until October. (Update: Oracle has now issued a patch – but you should still consider whether you really want to run Java or not in your browser).
There will be many pointing fingers at Oracle and arguing that it has not taken the security flaws seriously, but the accusations that are bound to fly aren’t actually going to help the millions and millions of vulnerable devices out there.
Those devices need a patch from Oracle – but as it may not be available for some time, the best advice I can give you is to disable Java.
Naked Security’s Chet Wisniewski has put together simple instructions for users of the most popular browsers, explaining how Java can be disabled:
So, what are you waiting for?
Isn’t this just a storm in a teacoffee cup?
No, it isn’t.
Time and time again we’re seeing examples of cybercriminals exploiting flaws in Java to infect innocent users’ computers.
For instance, earlier this year we saw more than 600,000 Macs infected by the Flashback malware because of a Java security flaw.
In fact, it has become increasingly common to see malware authors exploiting vulnerabilities in Java – as it is so commonly installed, and has been frequently found to be lacking when it comes to security.
Cybercriminals also love Java because it is multi-platform – capable of running on computers regardless of whether they are running Windows, Mac OS X or Linux. As a result it’s not unusual for us to see malicious hackers use Java as an integral part of their attack before serving up an OS-specific payload.
As the following multi-platform Java malware which can hit your computer whether you are running Windows, Mac OS X or Linux.
demonstrates, the bad guys have even created
Seriously though, stop reading this article now and check if you have disabled Java or not. Chances are that if you don’t think that you need Java, you don’t need it.
Even if you absolutely must use websites that require you to have Java installed, why not disable it in your main browser and have an alternative browser just for visiting that website?
What you need to do now is reduce the opportunities for attack. For most people that means disabling Java – and doing it now.
Experts urge PC users to disable Java, cite security flaw
Computer users are being advised by security experts to disable Oracle’s widely used Java software after a security flaw was discovered in the past day that they say hackers are exploiting to attack computers.
"Java is a mess. It’s not secure," said Jaime Blasco, Labs Manager with AlienVault Labs. "You have to disable it."
Java, which is installed on hundreds of millions of PCs around the globe, is a computer language that enables programmers to write software using just one set of code that will run on virtually any type of computer.
It is used so that web developers can make sites accessible from browsers running on Microsoft Windows PCs or Apple Macs.
Computer users access those programs through modules, or plug-ins, that run Java software on top of browsers such as Internet Explorer and Firefox.
The US Department of Homeland Security also said people should stop using Java software.
"This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits," the department’s Computer Emergency Readiness Team (CERT) said in a notice on its website. "We are currently unaware of a practical solution to this problem."
The recommended solution was to disable Java. Three computer security experts also said computer users should disable those Java modules to protect themselves from attack.
A spokeswoman for Oracle said she could not immediately comment on the matter.
"This is like open hunting season on consumers," said HD Moore, chief security officer with Rapid7, a company that helps businesses identify critical security vulnerabilities in their networks.
Moore said machines running on Mac OS X, Linux or Windows all appear to be vulnerable to attack.
Marc Maiffret, chief technology officer with BeyondTrust, said businesses may need to keep using Java to access some websites and internet-based programs that run on the technology.
"The challenge is mainly for businesses, however, which have to use it for some applications," he said. "Oracle simply needs to do a lot more to secure Java and get their act together."
Security experts said the risk of attack is currently high because developers of several popular tools known as exploit kits that criminals use to attack PCs have added software that allows hackers to exploit the newly discovered bug in Java to attack computers.