REDWOOD SHORES, Calif. (TheBlaze/AP) — Even though Oracle released a fix for the flaw in its Java software that raised an alarm last week, the U.S. Department of Homeland Security is still warning people against using it.
Late Thursday, the federal agency recommended that Internet users disable Java software in Web browsers to avoid potential hacking attacks.
Java allows programs to run within websites and powers some advertising networks. Users who disable Java may not be able to see portions of websites that display real-time data such as stock tickers, news, weather updates and ads.
Oracle says the patch was released Sunday. The company recommends that users update Java immediately. The patch sets Java’s default security level to “high” so it prompts users and gives them a chance to decline malicious software before it loads onto their computers.
But on Monday DHS said in a statement that the patch didn’t fix all the vulnerabilities.
“Oracle Security Alert CVE-2013-0422 states that Java 7 Update 11 addresses this (CVE-2013-0422) and an equally severe vulnerability (CVE-2012-3174). Immunity has indicated that only CVE-2012-3174 is addressed with this update,” the DHS statement read.

sparkyrules
Jan. 15, 2013 at 7:47pm
I got hacked
williammcc1
Jan. 15, 2013 at 3:30pm
2 things I want to say. Number 1: I use Puppy Linux with the Dillo browser, neither of which has Java; if I want it I would have to install it manually.
Number 2: I do get those “installing this software is a must” popups, but since I do not use Windows it would never work on my PC anyway; that makes it funny too.
That is not to say that Linux is 100 percent secure; no system is unless it is never networked, but Linux is about one million percent more secure than Windows will ever be unless they change their complete system and admin structure.
KMM
Jan. 15, 2013 at 5:24pm
If the vulnerability is in Java itself, that has nothing to do with your operating system. Java runs on multiple platforms (Windows, Linux, Mac OS X, etc.) and is pretty pervasive in its use. That’s part of what makes this a concern.
sbenard
Jan. 15, 2013 at 2:33pm
Java is running on The Blaze right now! I’ve never seen a website with so many scripts embedded into it!
jcldwl
Jan. 15, 2013 at 3:22pm
The owners of Oracle must be conservative for the government to attack them like this. When is the last time the Government ever told us not to use a software? They say don’t do it, I do it.
SocialistSlayer
Jan. 15, 2013 at 6:24pm
In Firefox, install the Ghostery add-on to rid yourself of the Blaze trackers! 17 items blocked on the Blaze — more than any other site I visit!
Ghandi was a Republican
Jan. 15, 2013 at 1:12pm
If you are using a personal computer: never put sensitive information right out in the open. Bury personal files several folders deep in an oddly named folder. Do not label folders obvious names like “Banking” or “Passwords”. Do not use passwords that consist of your first born or your dog or your street address.
What you can do is at least use something in reverse while substituting a number for a letter (as in 7 where an L might be etc).
Use the security measures you can to gain some peace of mind. You can ‘hide’ folders and password protect them. The average person has little to worry about if they use some common sense. Back up these folders periodically and store them offsite in case of a fire, burglary, hard drive crash. If everyone used decent measures it would make ‘hacking’ a time consuming and unfruitful endeavor.
Chet Hempstead
Jan. 16, 2013 at 12:43am
That’s not how you spell Gandhi.
DebateMe
Jan. 15, 2013 at 12:28pm
Java is horrible. It seems like every other day it needs to update and then when it updates it takes 20 minutes. I personally can’t stand it – it is far too intrusive for what it offers.
Joey.Herrigton
Jan. 15, 2013 at 7:54am
I wonder how this affects Android users. Android apps are written in Java.
laminac
Jan. 15, 2013 at 10:27am
While it is a Java syntax, it is a different compiler and does not use the Java runtime environment. Java is not installed on an Android device, so it shouldn’t affect Android apps at all. Also it seems this is only when you are running Java apps in a browser, which is actually pretty obsolete. Most newer websites will use Flash (which has some vulnerabilities as well) or JavaScript (which is not related to Java at all).
G-WHIZ
Jan. 15, 2013 at 10:52am
Many devices use JAVA including CD, DVD, BLURAY-players and recorders use forms of JAVA. Most cellphones use JAVA in their opp/systems. Almost every day I get security-updates from JAVA.
The Fed/govt is always telling you what not to eat or use…They said: “don’t use [DDT]” and demanded-forced the world to not use it!! Billions of deaths occur in African-countries from MOSQUITOES carrying DEATH-VIRI cause of the U.S.A./GOVT. intervention!! Over 30yrs-later THE FED/GOVT QUIETLY RELEASED a story that they found [DDT] AS NOT DANGEROUS TO HUMANS AND MANY-OTHER ANIMALS!! MSM GIVES NOT A PEEP!! Because of this, [DDT] IS STILL BANNED ACROSS THE WORLD and hundreds of millions DIE across the world!!
___
Jan. 15, 2013 at 6:58am
Use CCleaner to review which Java versions you have on your computer. Many have several old versions that Oracle / Sun never took off. One must remove manually.
The government uses Java more and more for their applications and data mining and storage. Oracle must be in their back pocket.
TomFerrari
Jan. 15, 2013 at 3:10pm
I suspect this is the stick, not the carrot. COMMIEcrats / Obama have a policy of rewarding friends and punishing enemies, and a record of threatening you until you comply with their wishes (Joe Arpaio / Obama birth certificate). Google, Apple & Microsoft are most certainly in the COMMIEcrats / Obama pocket. As Oracle is a competitor, I suspect this is the stick beating them to behave as told, or a punishment for not funding the COMMIEcrats campaigns adequately.
The SAME is going on with WalMart. The SEC is investigating WalMart re: executives and corruption in Mexico. Then WalMart is reportedly going to back COMMIEcrats / Obama infringement of #2nd Amendment by requiring background checks for all transfers. In reaction, Walmart has announced they will spend billions buying American goods & will hire every veteran who wants a job. (This will help the COMMIEcrats / Obama artificially exaggerate US production figures and employment figures.)
Pontiaku
Jan. 15, 2013 at 3:04am
This isn’t breaking news. Even “Microsoft” abandoned JAVA in the late 90’s IIRC for this very issue. ActiveX wasn’t much of an improvement though.
Joey.Herrigton
Jan. 15, 2013 at 7:56am
That, and the fact that Sun basically won a lawsuit against MS because MS was implementing their own Java interpreter in its Windows products.
2GodBeTheGlory
Jan. 15, 2013 at 2:01pm
Actually, ActiveX is much worse than Java as ActiveX does not have a container. Thus Homeland Security has also said not to use Internet Explorer. When ActiveX runs, it has the same access to the computer that the user has… without the user knowing what is going on behind the screen. Java, for all its faults, at least has a container, “sandbox”, and is available on almost ALL platforms, Internet Explorer is not. Once I get a client off Internet Explorer and onto Firefox, 80% of the calls stop. 25+ years in the computer field.
Pontiaku
Jan. 15, 2013 at 7:27pm
Thumbs up for Firefox. I used Netscape until Mozilla came along. Now I got Firefox with more than a dozen addons. After all these years Internet Explorer is still garbage.
iamjack
Jan. 15, 2013 at 2:37am
There are actually two flaws that attackers can use, and the fix that Oracle released only fixes one of them. Unless you absolutely need it, it’s best to disable the use of Java in browsers. The vast majority of people have no need for it anyway (keeping in mind that Java and Javascript are two completely different, and unrelated languages).
patriotteapress
Jan. 15, 2013 at 12:41am
What really concerns me about sodas is the DHMO (dihydrogen monoxide). No one ever talks about it. People die from the stuff every year, yet sodas are full of it. If you don’t know what DHMO is, it’s one of the things they make rocket fuel from. It’s also one of the suspected chemicals in chemtrails. I’m tired of the “big” corporations feeding us chemicals. Until they quit putting this stuff in our sodas, I’m going to just drink bottled water.
patriotteapress
Jan. 15, 2013 at 12:56am
Sorry, I thought I was posting the above on the Coke article. Not sure what happened!
mmacbayne
Jan. 15, 2013 at 1:44am
Dear PATRIOTTEAPRESS,
My intention here is to be helpful, not disparaging, and point out (in case this was not posted jokingly) that dihydrogen monoxide is a chemical description of water. Dihydrogen (2 hydrogen molecules) monoxide (one oxygen), that is H2O, or as we know it better, water.
media-bias-steals-elections
Jan. 14, 2013 at 9:00pm
Nobody could use WordPress without using Java (you could not log into theBlaze and post a comment without using it). Try to find a web site that does not use java script (in other words how many phones have been rooted simply checking your precious Facebook and Twitter accounts)?
You can open a window to let fresh air in your house, all that is stopping people is a simple screen that keeps out the bugs? Does that mean you invite people into your house? No. This is the ethical test for humanity, either we respect others and do not do to others what we would not want done to us, or we will live the hell being not ethical, and watch prosperity and civilization walk away from us?
Hackers know what is a web site, and what is not, and how to be ethical.
VoteBushIn12
Jan. 14, 2013 at 11:05pm
Attention random travelers of the Internet.
“Java” is NOT the same as “Java Script”. The two languages are completely different. The only reason “Java Script” has the word Java in it is because when it came out Java was the hot language and they wanted to piggyback the success. They are COMPLETELY DIFFERENT LANGUAGES.
There are Java applets that can run in the browser, but the vast majority of websites (including TheBlaze) do not use them.
Goldi-lox
Jan. 14, 2013 at 11:34pm
To VoteBushin12 (below):
And are we to ASSUME that DHS knows the difference between JAVA and JAVASCRIPTING?!
And WHY do so many sites DEMAND that we turn on Javascripting? Sites like theBlaze.com, Breitbart.com, wnd.com, etc. are OVERLOADING their pages with so much crappy scripting that it’s becoming a pain in the neck to even visit some of them (especially Farah’s site). These guys need to RETHINK whether all that crap is needed–and why. It is certainly NOT to help the end-user; it is mostly to try to sell lots of IFFY junk…
And by the way, it is TOTALLY DISINGENUOUS of Beck’s sites to run so many anti-google articles (which they often do) when those same sites USE google analytics and doubleclick and lots of other CRAP that google uses to snoop on us…
–JMNSHO.
VoteBushIn12
Jan. 15, 2013 at 12:46am
@GOLDI-LOX
“Are we to assume they know the difference?”
… Um YES that is a pretty safe assumption to make. MOST computer technically minded people understand the difference between Java and JavaScript. They aren’t even in the same class of languages. Java is compiled and runs on a VM, JavaScript is interpreted.
There are really very few vulnerabilities associated with JavaScript. If you have a modern browser there aren’t really many things you can do with JavaScript to harm the user. There are other things more threatening on the internet than malicious JavaScript.
And JavaScript has way more positive functional uses. FOR EXAMPLE. When you’re typing and it’s telling you how many characters are remaining – JAVASCRIPT. That handy scroll to top button on the right – JAVASCRIPT. The way the Reply button takes you to the bottom of the page and lets you reply without having to reload the entire page – yeah that’s JavaScript too.
The more ya know
Joey.Herrigton
Jan. 15, 2013 at 7:58am
Agreed! Little SAT question for you: Java and JavaScript is to Car and Carpet!
Stelex
Jan. 14, 2013 at 8:19pm
So the Government wants us to stop it, makes me want to use it. But is it reverse psychology? Or is it double reverse psychology. I will no longer use Java where not needed and will not use java where not needed or not use Java when not needed to download Java. Anyone up for a letter??????? Good F’n God…….This whole net thing is getting creepy on every level.
Rational Man
Jan. 14, 2013 at 8:12pm
I dumped Java quite a while ago because of a nasty zeroaccess snooper bug that rode into my laptop on a Java update unnoticed at the time. It popped up on a Norton 360 scan later. It took me several days to figure out how to get rid of that thing. The online “fixes” and removal tools didn’t work. Norton 360 identified the file location from scanning, but couldn’t get rid of it. I had to delete the file manually myself. It took over control of the permissions and not being a computer whiz, it took me several tries to figure out how to get around it and gain administrator status of the file and delete the file with the snooper bug in it. It actually created a duplicate of another valid file to hide in. I also discovered one or two other files that were mutating into duplicates of their hosts and deleted them too. While going through that mess, I read up a little on the bug and it IS a nasty little #$%$ that in some cases can monitor your key strokes and take control of your computer, so I read online by others that had to deal with it. I have had similar but less serious problems with auto updates from others including Windows and Adobe. I don’t do auto updates anymore and when I do update manually, I always run scans immediately afterwards.
Stelex
Jan. 14, 2013 at 8:28pm
Did you try Crystalline Boogers download, gets rid of all that crap, picks out invasive programs called “pearls” and eradicates the slimy “Shnoogers” bug. If you upgrade it’s good for the “Snotfest” virus and the “yellow phlegm” trojans. Good lord people, if you’re online, you’re under scrutiny by so many sources it’s crazy. The illusion of any and I mean any privacy online is just that …….. ILLUSION.
Lando
Jan. 14, 2013 at 7:50pm
lol
you can’t just stop using java, almost all modern websites use it in some fashion
but i guess government knows best
climber25
Jan. 14, 2013 at 8:01pm
They are talking about Java 7 only, not all versions of Java.
iamjack
Jan. 15, 2013 at 2:28am
Lando, you don’t even need to have Java installed, no modern browser requires it. You are thinking of Javascript (officially known as ECMAScript). They are completely different languages and share no common heritage. Javascript’s name was chosen solely to capitalize on the popularity of the Java language.
Lando
Jan. 15, 2013 at 9:38pm
Touché
XquisiteWretch
Jan. 14, 2013 at 7:41pm
One simple way to avoid getting hacked: don’t download anything. If anything pops up on a website prompting you to install something, and the website is not a secured .gov site or what have you, don’t install it. Simple as that… you can avoid 99% of viruses just by doing that.
piper60
Jan. 14, 2013 at 7:38pm
When the gov’t warns against doing anything, I take it with a grain of salt.
GayDem4Beck
Jan. 14, 2013 at 7:34pm
Please sign this White House Petition: Calling for Obama to Cancel All 2nd Term Inaugural Balls & Galas:
https://petitions.whitehouse.gov/petition/cancel-all-2nd-term-inaugural-balls-galas-current-economy-we-cannot-afford-extravagant-parties-rich/qMXHyrtN?utm_source=wh.gov&utm_medium=shorturl&utm_campaign=shorturl
Al J Zira
Jan. 14, 2013 at 7:25pm
The funny part is The Blaze doesn’t work without Java enabled.
guns-an-bibles
Jan. 14, 2013 at 7:37pm
“the U.S. Department of Homeland Security is still warning people against using it.”
That is all the reason I need to use it!
spfoam1
Jan. 14, 2013 at 8:04pm
I didn’t disable JAVA, I completely removed it from all my PCs, yet I am obviously on the Blaze now.
DadRocked
Jan. 14, 2013 at 8:33pm
Funnier part is that DHS tells us something…
I always do the opposite of what they recommend…
madnessofjack
Jan. 14, 2013 at 7:22pm
I know this is off topic…..but Ruger has a “take action” page to send a message to our representatives that gun owners take their gun rights seriously and won’t stand idly by as the “progressives” seek to cripple the 2nd amendment.
Please help.
http://www.ruger.com/micros/advocacy/takeAction.html
Brainmuffin
Jan. 14, 2013 at 7:21pm
I remember when Java on the browser was secure. Now it is crap.
rpp
Jan. 14, 2013 at 7:20pm
I am very skeptical of warnings of this type from the government. I would prefer to hear it from Symantec or McAfee.
FreedomPurveyor
Jan. 14, 2013 at 7:30pm
Symantec and McAfee products are worse than most of the viruses they are designed to protect you from, and don’t actually do a very good job of protecting your computer anyway. Have you ever tried to uninstall McAfee?
Smokey_Bojangles
Jan. 14, 2013 at 7:44pm
I agree with Freedom.
GuruMeditation
Jan. 14, 2013 at 7:04pm
They advise against it while the federal government uses it themselves.