why take the chance ?
see http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-7000009713/
Stephen
see http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-7000009713/
Stephen
68degrees
Well-known
Java has been a pain in the (insert body part here) since its beginning. It always bloats and boggs down the computer causing all sorts of unexpected things to happen. Ive always disabled it and avoided sites that depend on it.
zauhar
Veteran
Well, for years it has been the most effective cross-plaform solution.
AND, android phones would not get far without it.
Randy
colyn
ישו משיח
If we wet our pants everytime a security vulnerability pops up we'll never get dry..
This is no different than any other vulnerability and will be fixed soon if it isn't already.
Besides that.....I don't trust Homeland Security. They've already proven themselves liars in the past..
This is no different than any other vulnerability and will be fixed soon if it isn't already.
Besides that.....I don't trust Homeland Security. They've already proven themselves liars in the past..
craygc
Well-known
The reference is to "Java" and not "Javascript". Do note there is a significant difference and not the same thing.
europanorama
Well-known
Get Update
Get Update
Get Java 7 update 10
I am using JavaRa to find it. Its easy. you need JRE and version of your windows-system.
Use the offline-version
After updating go to control panel-java and disable temporarily java-content in browser until the problem is solved.
Btw: Heise Security also mentioned a Flash-Warning
Get Update
Get Java 7 update 10
I am using JavaRa to find it. Its easy. you need JRE and version of your windows-system.
Use the offline-version
After updating go to control panel-java and disable temporarily java-content in browser until the problem is solved.
Btw: Heise Security also mentioned a Flash-Warning
cabbiinc
Slightly Irregular
I know this is like a week old but I've got to point out that version 7 update 10 is the actual problem version. I hope you've upgraded to version 7 update 11 by now.
dovi
Well-known
Most Security sites advise disabling Java Pluggins in your Browser at least. Some say to use more than one Browser-1 for general browsing and another for security sensitive tasks like shopping and banking, with java pluggins enabled. In this way a compromised site cannot piggyback into the sensitive site within the same browser. From what I have read the java problem can allow an intruder to run whatever code they want on your system.
Not too good .
Rob-F
Likes Leicas
Well, I just disabled Java on my imac and then found a message on eBay saying you must have Javascript enabled to use my ebay!
Now what?
Now what?
Rob-F
Likes Leicas
Yeah, OK, it's getting clearer. Under Safari Preferences, I have:
Enable Java
Enable Javascript
Both were enabled. I'll try enable Javascript, and disable Java, right?
Enable Java
Enable Javascript
Both were enabled. I'll try enable Javascript, and disable Java, right?
ColSebastianMoran
( IRL Richard Karash )
Java is different from JavaScript.
The warning is for Java, not for JavaScript. Yes, this is confusing.
ColSebastianMoran
( IRL Richard Karash )
This is different. It's a very unusual warning. The exploit is out there in the wild. I'm taking it seriously and I recommend that others do so as well.
daveleo
what?
YES ! . . . people always confuse the two. They are not the same thing ! !
Gabriel M.A.
My Red Dot Glows For You
Java on an apple? What if there's java on my windows?
sorry, couldn't resist.
sorry, couldn't resist.
willie_901
Veteran
Right now, this instant, there is no secure version of Java on the planet. There may never be one either without a complete redesign/rewrite. Except for legacy usage on corporate or academic intranets, Java should and will go away.
Java Scripit is benign.
Java Scripit is benign.
RObert Budding
D'oh!
They had to do something to justify putting us in an orange state.
thegman
Veteran
For me this is just another scare story from computer-security fetishists. It's amazing how so-called computer experts drum this stuff up. I've been using computers since the BBC B Micro and I don't believe I have ever had a virus or been victim to a trojan. Java has flaws, all software does. It does not bog down the computer or have any other undesired effects, it's a runtime for Java applications, nothing more, nothing less.
Android uses the Java language, but a different runtime. Technically it's not the same, but to the programmer, it is.
The computer media is no better than the regular media, whipping up hysteria and fear gets people reading these BS stories.
Android uses the Java language, but a different runtime. Technically it's not the same, but to the programmer, it is.
The computer media is no better than the regular media, whipping up hysteria and fear gets people reading these BS stories.
thegman
Veteran
True, but there is no 100% secure version of any programming language or Operating System. They're all made by humans, and therefore not perfect.
There is nothing particularly right or wrong with Java, it's not amazing, it's not terrible. I don't see any reason why Java should go away any more than any other programming language/runtime. C++ has flaws, so does .NET, so does Obj-C, even glorious C has issues, we just live with them, same as Leica range finders. We like their strengths, deal with their weaknesses.
zauhar
Veteran
Uhm - is that not another class of virtual machine, targeted at mobile platforms?
I have only developed iOS at this point, but I know android developers, and they seem to spend their time in Eclipse writing Java code.
Now, it may be that the security issues they are wringing their hands over are in fact only associated with the desktop JVMs...
Randy
Gabriel M.A.
My Red Dot Glows For You
While I agree that "the media" is highly alarmist, specially on topics they hardly understand (which is most):
1) I wouldn't call the United States government's Department of Defense "computer-security fetishists".
2) Reading is overrated: the DOJ itself said that they don't usually release advisories of this nature on something as "banal" as Java.
3) Yes, all software is flawed. So are humans. Arguing that it's a fact of life that advisories are superfluous, the CDD and the Department of Health should also be called "medical safety fetishists".
While we're bending definitions, why not "voyeurs"?