Subscribe to the InfoTech eNewsletter

infoTECH Feature

January 14, 2013

Homeland Security says Oracle's Java Software Should Not be Used

On Sunday January 13, 2013, Oracle (News - Alert) Corp said it created updates to fix two vulnerabilities in the version of Java7 for Web browsers. It also said it switched Java’s security default settings to high.

This is meant to make it more difficult for suspicious programs to run on personal computers without the user’s knowledge.

This comes after The U.S. Department of Homeland Security urged PC users to disable the Java program because of bugs in the software that were being exploited to commit identity theft and other crimes.

Security experts said Sunday’s emergency update by Oracle still does not protect PCs from being attacked by hackers who intend to commit cyber crimes.

The Department of Homeland Security and computer security experts said on Thursday that hackers figured out how to exploit the bug in a version of Java used with Internet browsers to install malicious software on PCs.

That has enabled them to commit crimes from identity theft to making infected computers part of an ad-hoc networks that used to attack websites.

In the past year, a researcher with Poland’s Security Explorations, Adam Gowdiak, has discovered several bugs in the software. He suggested the update from Oracle leaves several critical security flaws unfixed.

"We don't dare to tell users that it's safe to enable Java again,” he said.

"The safest thing to do at this point is just assume that Java is always going to be vulnerable. Folks don't really need Java on their desktop,” said HD Moore (News - Alert), chief security officer at Rapid7.

Rapid7 is a firm that helps business identify critical security vulnerabilities in their networks. Moore said it could take two years before Oracle can fix all the security bugs that have currently been identified in the version of Java that is used for surfing the Web.

Advice from security consultants includes that businesses remove Java from all employees’ browsers. Only those who absolutely need to use the technology for critical business purposes should use the language.

Vulnerabilities and flaws, according to Oracle, only affect the most recent version, which is Java7, as well as versions of the software that were designed to run on browsers. According to security software maker Kaspersky Lab (News - Alert), Java surpassed Adobe Systems Inc.'s Reader software in 2012, as the most frequently-attacked piece of software.

Java was responsible for 50 percent of all cyberattacks last year, when hackers broke into computers by exploiting software bugs, according to Kaspersky.

At this time, security experts have been analyzing the safety of Java. A similar security scare occurred in August, which prompted some of them to advise using the software only on an as-needed basis.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida.  Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.

Edited by Braden Becker

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers