Homeland Security warns to disable Java amid zero-day flaw

[MuffyBee]

http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-7000009713/
Homeland Security warns to disable Java amid zero-day flaw
Summary: The U.S. Department of Homeland Security is the latest body to warn users to disable Java software amid escalating concerns over a serious, exploitable vulnerability.
January 11, 2013

The U.S. Department of Homeland Security has warned users to disable or uninstall Java software on their computers, amid continuing fears and an escalation in warnings from security experts that hundreds of millions of business and consumer users are vulnerable to a serious flaw.

Hackers have discovered a weakness in Java 7 security that could allow the installation of malicious software and malware on machines that could increase the chance of identity theft, or the unauthorized participation in a botnet that could bring down networks or be used to carry out denial-of-service attacks against Web sites.
More...

[MuffyBee]

http://www.pcmag.com/article2/0,2817,2414191,00.asp
How to Disable Java
Java is a handy, cross-platform language that's been mightily abused by hackers. With the discovery of a new Java vulnerability that affects even the most up-to-date version, many experts advise everyone to simply disable Java. Here's how.
January 11, 2013


Java was once touted as the "write once, run anywhere" language. In theory, a single Java program could run on any Java-supporting platform. That dream never quite came to perfection, though, and these days Java is a favorite attack vector for hackers. The Flashback Trojan breached Macintosh computers via a Java vulnerability last year, for example. In August, researchers at FireEye reported another zero-day vulnerability in Java. The most recent Java vulnerability affects all versions of Java 7, including the most current version. Unless you absolutely need it, you should disable Java now.
Fortunately, Oracle offers a Web page with straightforward instructions on how to turn off Java.
More...

[MuffyBee]

Yes, I disabled Java on my computers. 

[MuffyBee]

http://www.zdnet.com/homeland-security-warns-java-still-poses-risks-after-security-fix-7000009785/
Homeland Security warns Java still poses risks after security fix
Summary: After a security fix to patch Java 7 from a massive security vulnerability, the U.S. Department of Homeland Security has reiterated its warning that Java still poses risks.
January 14, 2013

The U.S. Department of Homeland Security has reiterated its warning to Java users that the widely used Web plug-in still poses risks for Internet users, even after Oracle patched the software to prevent hackers from exploiting a zero-day vulnerability.

Amid a serious security flaw in the latest version of Java 7, where even the U.S. Department of Homeland Security has warned users to disable the plug-in, here's how you do it.

Read more
It comes as some security experts are warning that the new software -- Java 7 (Update 11), which was released on Sunday -- may not actually protect against hackers attempting to remotely execute code on user machines.

This code, security experts warn, could be used to acquire personal information and steal identities, or subscribe machines to 'botnets,' which can then be used to hit networks and Web sites with denial-of-service attacks.

Homeland Security said in an updated note that it is reiterating its advice it gave last week, in spite of Oracle updating the Java software to include a security fix that would prevent machines from being attacked by hackers.

The said: "Unless it is absolutely necessary to run Java in Web browsers, disable it [...] even after updating to [Update 11]."
More...

Directions on disabling Java:
http://www.zdnet.com/how-to-disable-java-in-your-browser-on-windows-mac-7000009732/