DHS says turn off your java. It can’t be trusted.

The U.S. Department of Homeland Security urged computer users to disable Oracle Corp’s Java software, amplifying security experts’ prior warnings to hundreds of millions of consumers and businesses that use it to surf the Web.

Hackers have figured out how to exploit Java to install malicious software enabling them to commit crimes ranging from identity theft to making an infected computer part of an ad-hoc network of computers that can be used to attack websites.

Oracle does not have a good record on bug fixes.

Remember that “Java” and “Javascript” are not the same thing. Javascript is not implicated in the warning.

More at the link.

Share

2 Comments

  1. Interesting, figured it was coming. That does break some things. I do a lot of YouTube and use Opera. If you disable Java in my version, YouTube gives you an error msg but can be forced to play anyway. Plays wonky, though. Could be the Opera implementation of turning it off. Not sufficiently curious to track it down. I work in a virtual sandbox, though, so it doesn’t really matter how wretched the security holes are in whatever’s running. Just another demonstration that there’s now no way to make a new secure environment. The trouble’s too deep and built up over too many years.

  2. I have javascript enabled in Opera and I run the NotScript extension.  

    There is a java library in /usr/share/java that has three *.jar files.  There’s no evidence I can find that YouTube calls them.  This in on Slackware.

    Maybe I’ll try removing Java from my Windows computer and seeing what happens the next time I get around to booting it out of Linux Mint.