1/13 UPDATE: Java has released a new version to patch the issue: Download it here!
The U.S. Department of Homeland Security has issued a strong recommendation that everyone disable Java in their web browsers. Java is a computer language that many programs and websites utilize for writing cross-platform applications (and some coupon websites use it for enabling coupon prints through the browser – more on that in a moment.) From the Chicago Tribune:
The U.S. Department of Homeland Security urged computer users to disable Oracle Corp’s Java software, amplifying security experts’ prior warnings to hundreds of millions of consumers and businesses that use it to surf the Web.
Hackers have figured out how to exploit Java to install malicious software enabling them to commit crimes ranging from identity theft to making an infected computer part of an ad-hoc network of computers that can be used to attack websites.
“We are currently unaware of a practical solution to this problem,” the Department of Homeland Security’s Computer Emergency Readiness Team said in a posting on its website late on Thursday.
The U.S. government’s warning on Java came after security experts warned earlier on Thursday of the newly discovered flaw.
It is relatively rare for government agencies to advise computer users to completely disable software due to a security bug, particularly in the case of widely used programs such as Java.
Information Week has additional information:
Security experts have a message for all businesses: Disable Java now, and keep it disabled. That’s their advice after the discovery Thursday of yet another zero-day Java vulnerability, as well as a number of attacks that are already exploiting the flaw to run arbitrary code on PCs.
With some estimates suggesting that 34% of all PCs currently run a version of Java 7, the zero-day vulnerability may now be present on over 400 million systems.
Attackers have been rushing to exploit the vulnerability, which in the past 24 hours has become one of the most-seen exploits by antivirus software. “Java exploit is trending: our generic detection Exploit:Java/Majava.C already in TOP10 for the past 24 hours (with 2 other Java detections),” said Timo Hirvonen, an anti-malware analyst at antivirus vendor F-Secure, in a Friday Twitter post. Earlier this week, a security researcher who goes by the moniker “@Kafeine” — and who’s detailed some of the current attacks that exploit the vulnerability — reported seeing hundreds of thousands of hits on just a single website that was hosting the exploit.
Those attacks are just the beginning. “We anticipate that … this will be very wildly exploited in the field in the coming days via a variety of different vectors,” said Sourcefire’s Randolph.
It’s your computer, and you’re free to do whatever you’d like, of course — but I’ve never seen a warning like this from our government, so I’m taking this threat seriously. And, several years ago my computer was attacked through a different kind of web exploit, which resulted in an attacker installing viruses that completely disabled my computer – despite running antivirus software. I don’t ever want to go through anything like that again, so I’m disabling Java temporarily and waiting for a fix. (Note too that the Java language is different than JavaScript, and this exploit only affects Java. You can leave JavaScript enabled in your browser.)
Coupon printing note: Both SmartSource.com and Redplum.com utilize Java to print coupons. If you disable Java in your browser, you will not be able to print coupons from these sites. If you want to print from these sites, you’ll have to turn your Java back on to do so.
How to disable Java: Sophos article from 2012, with instructions for a variety of browsers
Thank you to Rachel Singer Gordon at Mashup Mom for sending over some links about the Java vulnerability. I suspect we won’t be the only bloggers alerting our readers today about this issue.
J.R. says
I use NoScript under Firefox to selectively block Java/Javascript from web sites. Default is to block unless I specifically enable either by site or by session.
Outlander says
I used to use Java to print, but haven’t printed anything in months. But recently my DS installed some new Java stuff for his Minecraft game (I approved it since I thought it’s ok) and computer now barely works. Even after running antivirus many times it doesn’t help, and it seems like nothing is wrong.
How do you know the difference between Java language and JavaScript? Is it just in the name? Thanks!
eves99 says
This may seem like a silly question but I just disabled Java and now I can’t print the jewel coupons. Will I never be able to print online coupons again from any site?
NFriday says
Hi- I just saw this on MUM. There is now a patch for java.
https://blogs.computerworld.com/cybercrime-and-hacking/21627/oracle-patches-java-7-security-flaw-update-11
This article gives you a link to the patch, and also tells you what version of java you have.
Hope this helps,
Nancy