Monday, January 14, 2013

Homeland Security says, "Disable Java in web browsers."

The Department of Homeland Security told users to disable Java in web browsers due to security flaws that allow malicious code to be installed on their computer.  That's not so surprising.  What does seem surprising is that Oracle had no response.  That seems really weird.  Why not tell people that the problems are being addressed or being investigated?

http://news.yahoo.com/government-warns-java-security-concerns-escalate-160640366--sector.html

The other thing that I thought was odd about this is that a nearly identical issue to the one described on the Department of Homeland Security website was mentioned in August.

Here is a link to the latest issue:

http://www.us-cert.gov/cas/techalerts/TA13-010A.html

Here is a link to the issue mentioned in August:

http://www.us-cert.gov/cas/techalerts/TA12-240A.html

Perhaps these aren't completely identical issues, and that is why the solution is different.  However, it seems as if the Department of Homeland Security is tired of waiting for Oracle to fix the problem - or perhaps they are tired of Oracle saying the problem is fixed when in reality the problem still exists.

Whatever the case is - I will be happy when there are fewer Java applets in web applications.  I hate getting prompts related to whether or not I want to load/run an applet that is referenced in a web page.

The downside is that every now and then there is an applet that seems kind of cool.  For example, applets that can simulate how high a model rocket will fly depending on wind speed and direction, type and number of engines, staging of engines, and materials used for the various parts of the model rocket.  You can have a non-Java-applet site calculate the altitude, top speed, etc., but I really enjoy the animation.

Update: Apparently Oracle made a fix for the flaw reported last Friday.  You just need to update to Java 7 Update 11 (hmmm...7-11).  However, there is another article that says that there are security flaws that have not been addressed:

http://uk.reuters.com/article/2013/01/14/uk-java-oracle-security-idUKBRE90C0JA20130114

So, I guess the message is - enable Java in your browsers because the security management issue has been fixed, but watch out because you're still not safe.
