Concerns about the susceptibility of the Java programming language to
cyberattacks culminated Thursday night with a warning posted by the
Department of Homeland Security’s Computer Emergency Readiness Team
(US-CERT) calling on the public to temporarily disable Java on their personal computers.
The call came in response to the discovery of a new vulnerability
that lets an attacker execute code on a PC running Java. The
vulnerability is reportedly already being used in “exploit kits,” which
are pre-packaged, for-sale tool kits that can be used to commit online
crimes such as stealing someone’s identity.
“We are currently unaware of a practical solution to this
problem,” the posting said. Oracle, which acquired Java when it bought
Sun Microsystems in 2010, has not yet issued a security patch for this
particular vulnerability.
Security experts have been advising people to disable Java for some
time, since it is so commonly targeted by cyber criminals. Last fall,
Apple won praise for a Mac update that removed a Java plugin from all
Mac-compatible web browsers. “I think that the way they’ve handled Java
in the browser was their biggest win in 2012,” Charlie Miller, a former
NSA employee turned noted Apple hacker, told Ars Technica.
On Friday, Mozilla announced it was blocking all recent Java plugins from automatically loading in the browser unless a user specifically “clicks to play.”
Turning off Java can be done in a few simple steps, depending on which browsers you use.
Mac owners who use Google Chrome can go to chrome://plugins and verify that the Java plugin is disabled. If you use Safari,
you can choose Safari > Preferences, click Security and uncheck the
box that says “Enable Java.” If you use Firefox, you can choose
Tools > Add-ons, search “My add-ons” and disable any Java plugin.
Windows users can find a good guide to turning off Java on KrebsOnSecurity.com.