Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Urgent: Disable Java on Your Computer (Homeland Security warns of potential hacker attack)
American Thinker ^ | 01/13/2013 | Bill Schanefelt

Posted on 01/13/2013 6:53:40 AM PST by SeekAndFind

If you have not yet seen or acted upon Homeland Security's warning, I urge you to do so immediately:

The U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks.  The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts.

BlazingCatFur explains the situation:

My suspicion is that it's related to this: Iran blamed for massive cyber attack on U.S. banks data centers as 'puppet hacking group' says they did it because the anti-Mohammed movie is still on the internet.

BCF links to a helpful site, but the instructions may be a bit confusing to some:

Last month Oracle released a new Java version, Update 10, that includes a one-stop option for disabling Java in all browsers in the Java Control Panel. Open Control Panel and launch the Java applet. If you don't see it, switch to Classic View (in XP) or small icons (in Vista or Windows 7). Click the Security tab. In previous versions this tab just allowed advanced users to manage Java-related certificates. It now displays a security-level slider and, more important, a single checkbox titled "Enable Java content in the browser." Un-check this box, click OK, and you're done.


(Excerpt) Read more at americanthinker.com ...


TOPICS:
KEYWORDS: hacker; homelandsecurity; java
Navigation: use the links below to view more comments.
first 1-5051-56 next last

1 posted on 01/13/2013 6:53:43 AM PST by SeekAndFind
[ Post Reply | Private Reply | View Replies]

To: SeekAndFind

It appears that firefox disabled it for me.


2 posted on 01/13/2013 6:57:10 AM PST by cripplecreek (REMEMBER THE RIVER RAISIN!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: SeekAndFind

Why can’t we just remove Java as I did yesterday in control panel’s ‘uninstall a program’ feature in Windows 7?


3 posted on 01/13/2013 6:57:44 AM PST by IbJensen (Liberals are like Slinkies, good for nothing, but you smile as you push them down the stairs.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: IbJensen

You can also remove Java, but don’t you want it back later?


4 posted on 01/13/2013 6:58:55 AM PST by SeekAndFind
[ Post Reply | Private Reply | To 3 | View Replies]

To: SeekAndFind

Yes, but will we be notified when it’s safe to reinstall the latest version?

Also is there any alternative to Java that has been proven safe?


5 posted on 01/13/2013 7:00:08 AM PST by IbJensen (Liberals are like Slinkies, good for nothing, but you smile as you push them down the stairs.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: SeekAndFind

So is this legit or what? I just looked at mine - it’s the 6.0 version - way behind on updating I am.


6 posted on 01/13/2013 7:02:16 AM PST by don-o (He will not share His glory and He will NOT be mocked! Blessed be the name of the Lord forever.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: SeekAndFind

FYI

From Firefox/Mozilla:

“In order to protect you, Firefox has stopped the Java plugin from running automatically because it has a security issue. However, you can still use Java on trusted sites if necessary. We’ll show you how [via the link below]”:

https://support.mozilla.org/en-US/kb/how-to-use-java-if-its-been-blocked


7 posted on 01/13/2013 7:02:45 AM PST by TomGuy
[ Post Reply | Private Reply | To 1 | View Replies]

To: SeekAndFind

HERE IS A HELPFUL SITE:

HOW TO DISABLE JAVA ON YOUR BROWSER

http://www.gizmodo.com.au/2013/01/how-to-disable-java-in-your-browser/


8 posted on 01/13/2013 7:04:22 AM PST by SeekAndFind
[ Post Reply | Private Reply | To 1 | View Replies]

To: IbJensen
... but will we be notified when it’s safe to reinstall the latest version?
No one will notify you, just keep watching the Internet (or FR) for news.
Oracle Corp has announced they're releasing a security patch on Tuesday.
9 posted on 01/13/2013 7:05:24 AM PST by oh8eleven (RVN '67-'68)
[ Post Reply | Private Reply | To 5 | View Replies]

To: don-o

RE: So is this legit or what?

It is a legitimate computer threat being reported now.

See here for various reports:

http://www.google.com/search?hl=en&gl=us&tbm=nws&q=Java+Hacker&oq=Java+Hacker&gs_l=news-cc.3..43j43i400.3656.5401.0.5674.11.4.0.7.7.0.72.223.4.4.0...0.0...1ac.1.3IYf1CYw3hE


10 posted on 01/13/2013 7:05:24 AM PST by SeekAndFind
[ Post Reply | Private Reply | To 6 | View Replies]

To: don-o
I had 7.0 and just updated so the disable java tab could be used.
I feel all safe, warm, and fuzzy now that HS came to my rescue.
11 posted on 01/13/2013 7:05:36 AM PST by MaxMax (Gun free zones was the invitation to gun bans by the left, at any cost)
[ Post Reply | Private Reply | To 6 | View Replies]

To: don-o

Oracle confirms latest Java 7 vulnerability and announces ‘a fix will be available shortly’

http://thenextweb.com/apps/2013/01/12/oracle-confirms-latest-java-7-vulnerability-and-announces-a-fix-will-be-available-shortly/?awesm=tnw.to_o0ZLE&utm_campaign=social%20media&utm_medium=Spreadus&utm_source=Twitter


12 posted on 01/13/2013 7:05:43 AM PST by sheikdetailfeather (Yuri Bezmenov (KGB Defector) - "Kick The Communists Out of Your Govt. & Don't Accept Their Goodies.")
[ Post Reply | Private Reply | To 6 | View Replies]

To: IbJensen
Why can’t we just remove Java as I did yesterday in control panel’s ‘uninstall a program’ feature in Windows 7?

Because, for some/many, there are essential websites and programs that require Java.

I find that with some video websites. When I disable Java, the videos won't work.

I also have some 'standalone' programs that are based on Java.

==

If 'you' uninstalled it and everything works, good. Some of use need it.
13 posted on 01/13/2013 7:06:01 AM PST by TomGuy
[ Post Reply | Private Reply | To 3 | View Replies]

To: SeekAndFind

http://www.techsupportalert.com/

Get a free Firewall(Comodo), Anti-Virus (Panda that uses Cloud), Anti-Malware, and a few other scanning software - and you will be fine...disabling JAVA will upset certain websites and other things on your computer...

A multi-approach defense is better than cancelling out a needed software program like JAVA...


14 posted on 01/13/2013 7:08:22 AM PST by BCW (http://babylonscovertwar.com/index.html)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BCW

Since when do we trust DHS?
I don’t even know what Java is, but when I see FEMA or DHS tell me to do something I’m going to be suspicious right off.
Maybe this is one f those times DHS gets the broken clock award of the day though.


15 posted on 01/13/2013 7:13:37 AM PST by Clump ( the tree of liberty is withering like a stricken fig tree)
[ Post Reply | Private Reply | To 14 | View Replies]

To: TomGuy

Thanks Tom - I noticed FF installing an update the other day, but paid no attention.


16 posted on 01/13/2013 7:16:39 AM PST by don-o (He will not share His glory and He will NOT be mocked! Blessed be the name of the Lord forever.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Clump

This is a variant of a Java problem since 2011 (I think). DHS didn’t find it. This is an example of the slavish MSM giving credit to a bungling government for something done by free markets.


17 posted on 01/13/2013 7:17:45 AM PST by jjotto ("Ya could look it up!")
[ Post Reply | Private Reply | To 15 | View Replies]

To: jjotto

Ok I should have known that.
They don’t even get the broken clock award.
They get the “day late dollar short irrelevant useless goobermint agency” of the day award.


18 posted on 01/13/2013 7:20:36 AM PST by Clump ( the tree of liberty is withering like a stricken fig tree)
[ Post Reply | Private Reply | To 17 | View Replies]

To: jjotto

I can’t find anywhere that explains what the vulnerability is, or gives sample exploit code.


19 posted on 01/13/2013 7:21:51 AM PST by proxy_user
[ Post Reply | Private Reply | To 17 | View Replies]

To: SeekAndFind

Nothing new here.

Java has always been computing security hell.


20 posted on 01/13/2013 7:23:09 AM PST by martin_fierro (< |:)~)
[ Post Reply | Private Reply | To 1 | View Replies]

To: SeekAndFind
I transferred JAVA to my flash drive. Then I deleated it from my computer. Figured I could reinstall it later if needed.

Question is how will I know if a pop up saying "for those who uninstalled JAVA, download this latest version that has been patched to resolved any potential problems", is legit or just a way for the hacker to get control of my computer?

21 posted on 01/13/2013 7:23:37 AM PST by Evil Slayer ((Onward, Christian soldiers, marching as to war....))
[ Post Reply | Private Reply | To 1 | View Replies]

To: SeekAndFind

What I don’t get is why there are several versions of Java on my computer. After you do an update you’d think it would delete the former update prior to it. I remember back in the Windows XP days, you’d see several 100+ MB files of Java Updates that were still there, instead of deleting the old files when it updates a new file.


22 posted on 01/13/2013 7:27:56 AM PST by Blue Highway
[ Post Reply | Private Reply | To 1 | View Replies]

To: jjotto; SeekAndFind

Ah, got it:

“The exploit takes advantage of two issues in JDK 7: The ClassFinder and MethodFinder.findMethod(). Both were newly introduced in JDK 7. ClassFinder is a replacement for classForName back in JDK 6. It allows untrusted code to obtain a reference and have access to a restricted package in JDK 7, which can be used to abuse sun.awt.SunToolkit (a restricted package). With sun.awt.SunToolkit, we can actually invoke getField() by abusing findMethod() in Statement.invokeInternal() (but getField() must be public, and that’s not always the case in JDK 6) in order to access Statement.acc’s private field, modify AccessControlContext, and then disable Security Manager. Once Security Manager is disabled, we can execute arbitrary Java code. Our exploit has been tested successfully against multiple platforms, including: IE, Firefox, Safari, Chrome; Windows, Ubuntu, OS X, Solaris, etc.”

So if you don’t have Java 7, but are running 6 or 5, then you are good.


23 posted on 01/13/2013 7:28:38 AM PST by proxy_user
[ Post Reply | Private Reply | To 17 | View Replies]

To: proxy_user

mmm...

Geeks who actually understand it tend to have their own sources, but there’s a fair amount of details like

http://blogs.cisco.com/security/new-java-vulnerability-being-exploited-in-the-wild/

...This Java vulnerability is due to improper security protections on built-in classes in the Java Runtime Environment.

An unsigned Java applet can use the setSecurityManager() function to bypass security checks and access an elevated security context.

There are a few allegations that the exploit for this new Java vulnerability (CVE-2013-0422) is very similar to the Java vulnerability reported late last year (CVE-2012-5088); however, it seems they are fairly different.

This article describes some of the technical details of the exploit...


24 posted on 01/13/2013 7:28:58 AM PST by jjotto ("Ya could look it up!")
[ Post Reply | Private Reply | To 19 | View Replies]

To: jjotto; SeekAndFind

Here is a full description of the vulnerability with sample code:

http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html

They are basically using tricks to get access to a private field in the security context object and changing it.


25 posted on 01/13/2013 7:40:53 AM PST by proxy_user
[ Post Reply | Private Reply | To 23 | View Replies]

To: jjotto

The article I posted explains the relation between the two vulnerabilities. They added the AccessControlContext field to stop the first problem. When they released Java 1.7, it turned out that some of the new methods could be used to change the value of this field.


26 posted on 01/13/2013 7:44:16 AM PST by proxy_user
[ Post Reply | Private Reply | To 24 | View Replies]

To: SeekAndFind

I know nothing about computers. I’m on an ancient Quicksilver Power Mac G4, running 10.4.1. My Java plugin settings are from 2005, and 2009. Do I need to do anything?


27 posted on 01/13/2013 7:48:57 AM PST by Dr. Bogus Pachysandra ( Ya can't pick up a turd by the clean end!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Clump

“Since when do we trust DHS?”

Me too.


28 posted on 01/13/2013 7:57:23 AM PST by duffee (In need of new tag line)
[ Post Reply | Private Reply | To 15 | View Replies]

To: SeekAndFind

And I should believe anything Big Sis has to say????


29 posted on 01/13/2013 7:58:31 AM PST by Lion Den Dan
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lion Den Dan

Most IE browsers (8 and 9) have the “manage add ons” feature and you can disable java/sun there. But then again, I don’t trust anything Big Sis says either. I can tell you that most local gov’ts are dependent on web apps that use ancient versions of java. These contracted web developers have no incentive to upgrade their apps since the gov’t money just keeps rolling in and most gov’t computers are ancient (they put all taxpayer funds into salaries, benefits and pensions, not equipment)


30 posted on 01/13/2013 8:04:55 AM PST by AbolishCSEU (Percentage of Income in CS is inversely proportionate to Mother's parenting of children)
[ Post Reply | Private Reply | To 29 | View Replies]

To: SeekAndFind

The solution to this problem is not disabling anything unless you also disable or uninstall Flash, Adobe reader and all other browser plug-ins that you might have. It is true that Java has a zero-day and the others don’t (that we know about). But you can only get pwned by going to a malicious website. YOu will not get pwned by running java applets from legitimate websites. When Flash has their next zero day, the DHS will probably tell you to disable that, or may they won’t. Relying on their advice is foolish. Just don’t surf to shady websites (e.g. get rich quick, porn, too-good-to-be-true, etc).


31 posted on 01/13/2013 8:05:41 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 1 | View Replies]

To: IbJensen

Html5 is on verge of replacing java.
That will eventually be exploited.


32 posted on 01/13/2013 8:07:50 AM PST by Morris70
[ Post Reply | Private Reply | To 5 | View Replies]

To: Morris70

Thanks, Morris. I’ll wait until Tuesday to see what happens. Meanwhile, I’ve noticed that streaming videos can be watched using my internet service without Java....apparently.


33 posted on 01/13/2013 8:12:42 AM PST by IbJensen (Liberals are like Slinkies, good for nothing, but you smile as you push them down the stairs.)
[ Post Reply | Private Reply | To 32 | View Replies]

To: SeekAndFind

I do not view “The Department of Homeland Security” as a legal organization, because it infringes on my Constitutional rights.


34 posted on 01/13/2013 8:18:06 AM PST by Terry L Smith
[ Post Reply | Private Reply | To 1 | View Replies]

To: SeekAndFind

There’s a lot of misinformation posted on this thread (not the original post but the responses to it).

This *really* is a *legitimate* threat - this is not some trumped up tempest in a teapot dreamed up by the government. It’s not just DHS that has issued this sort of warning - it’s basically anyone that has anything to say about computer security.

And no - confining yourself to “legitimate” websites may not be adequate - as these sites have the potential to be compromised by the bad guys.

Uninstalling Java is fine - but turning off the Java plugin in your browser is good enough.

No need to “save a copy” of what you uninstall - as you can always get a copy of the new code when it’s been released and deemed “secure”.


35 posted on 01/13/2013 8:30:34 AM PST by 2 Kool 2 Be 4-Gotten
[ Post Reply | Private Reply | To 1 | View Replies]

To: SeekAndFind

I can’t even find JAVA on my computer. I can disable Java script on Firefox and Internet Explorer, but there is no “Java” program installed, that I can find.


36 posted on 01/13/2013 8:42:25 AM PST by mark3681
[ Post Reply | Private Reply | To 1 | View Replies]

To: mark3681
I can’t even find JAVA on my computer

Just go to Google Maps and type in "Indonesia". ;)

37 posted on 01/13/2013 8:50:44 AM PST by dfwgator
[ Post Reply | Private Reply | To 36 | View Replies]

To: mark3681

May or may not make sense but “javascript” and “java” are, in fact, two different things.

http://gizmodo.com/5975475/how-to-disable-java-in-your-browser

Google “how to disable java in your browser”. If there are no enabled java “Plugins” in your browser(s) then you’re fine.


38 posted on 01/13/2013 8:54:59 AM PST by 2 Kool 2 Be 4-Gotten
[ Post Reply | Private Reply | To 36 | View Replies]

To: cripplecreek
It appears that firefox disabled it for me.

After the 18 update of firefox , went in reactivated and this 'puter speed-ed up. Must be H S must be useing a program that java is catching and not allowing their programs run

39 posted on 01/13/2013 9:04:20 AM PST by piroque ("In times of universal deceit, telling the truth becomes a revolutionary act")
[ Post Reply | Private Reply | To 2 | View Replies]

To: 2 Kool 2 Be 4-Gotten

Wonderful, but you’re over-reacting.

That Java update has been out since October, everybody and their cat has noted/taken action on the problem and now that DHS has decided to justify their existence for this week by broadcasting old news, I’m supposed to go run after this latest Shiny Thing?

The ONLY reason I can see for this “news” (other than the desire to justify existence that I’ve already noted) is that somebody decided that Sun (the evil corporation that did Java) didn’t donate enough to The 0’s campaign and will have to be destroyed.

Exactly as the very same people tried to do to Toyota.


40 posted on 01/13/2013 9:05:02 AM PST by Unrepentant VN Vet
[ Post Reply | Private Reply | To 35 | View Replies]

To: Unrepentant VN Vet

Thank you for your service in VN - but on this one you’re just plain wrong. The new security hole was just discovered a few days ago. And it wasn’t the government that originally sounded the alarm - if anything the government is a bit late to the party.


41 posted on 01/13/2013 9:12:03 AM PST by 2 Kool 2 Be 4-Gotten
[ Post Reply | Private Reply | To 40 | View Replies]

To: SeekAndFind; All

There is a simple and effective solution to this and other threats. Do you want a bullet-proof web surfing computer that can’t be corrupted? Any perceived problems can be fixed by a quick reboot. No anti-virus programs required to protect it, either.

Keep your Windows or Mac computer isolated offline. Many of us have older desktop computers laying around or can scrounge one up for little or nothing. A hard drive isn’t even needed, just a DVD drive. I use a 10-year-old Dell with 512Mb memory, but could get by with even less. Boot that old desktop PC off an operating system demo disk. Oops, Windows and Apple don’t offer one. Use a Linux demo disk, such as Ubuntu or Mint. You can buy demo disks online or else download and burn images from the Linux websites to create CD or DVD boot disks.

If you ever believe you stumbled across a boobytrapped website, just reboot to purge the problem - you have no hard disk to compromise.

Is a little inconvenience worth the simplicity and safety?


42 posted on 01/13/2013 9:21:42 AM PST by TexasRepublic (Socialism is the gospel of envy and the religion of thieves)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Unrepentant VN Vet

Oracle, like most tech companies, overwhelmingly supported Obama and other Democrats. And, like most companies these days, also supported some select Republicans too.

Oracle says the patch for the latest Java exploit will be out this week, as is being widely reported.

http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html


43 posted on 01/13/2013 9:23:47 AM PST by jjotto ("Ya could look it up!")
[ Post Reply | Private Reply | To 40 | View Replies]

To: Evil Slayer
Question is how will I know if a pop up saying "for those who uninstalled JAVA...
A general rule of thumb is to ignore all pop ups, especially if they want you to go to some website or "warn" you about something, or download a "must have" program, etc.
Keep watching the internet for Oracle to announce either a new update or security patch. Should be ready by Tuesday.
Then go to Oracle's site to download and install. Here's the link (http://java.com/en/download/index.jsp)
44 posted on 01/13/2013 9:54:55 AM PST by oh8eleven (RVN '67-'68)
[ Post Reply | Private Reply | To 21 | View Replies]

To: mark3681
I can’t even find JAVA on my computer. I can disable Java script on Firefox and Internet Explorer,
Disabling is all you really need to do for now.
You can find JAVA in the Control Panel ... click Start, Settings, Control Panel. Right click the icon and Open.
45 posted on 01/13/2013 10:02:01 AM PST by oh8eleven (RVN '67-'68)
[ Post Reply | Private Reply | To 36 | View Replies]

To: oh8eleven

My MS security scan picked up and quarantined 3 “JS/BlacoleRef.W” trojans this morning after I got a clean scan with AVIRA premium just hours prior.
Any connection?

I use “NoScript” which is a Mozilla app for Sea Monkey. It allows me to selectively block or permit Java - which many sites require for things to work.


46 posted on 01/13/2013 10:12:15 AM PST by George Varnum (Liberty, like our Forefather's Flintlock Musket, must be kept clean, oiled, and READY!)
[ Post Reply | Private Reply | To 44 | View Replies]

To: SeekAndFind

Just more BS to confuse Internet innocents. JAVA has always been insecure, but many web pages won’t work without it. Furthermore, Microsoft Windows itself is fundamentally insure in almost every way conceivable anyway. The government suddenly telling people to quit using JAVA would be like them telling people to quit driving their cars because some other driver might hit them.

Do remember, this is the Obama administration issuing this statement! While at the same time as giving out worse-than-useless advice to people that will make their web browsing quit working, they’re also busily undefending our borders, playing kissy-kiss with our enemies, and instituting a massive domestic spy apparatus.

So there you have it. Are you really going to screw around with your PC because the Obama Administration told you to?


47 posted on 01/13/2013 11:33:41 AM PST by catnipman (Cat Nipman: Vote Republican in 2012 and only be called racist one more time!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: George Varnum
I use “NoScript” which is a Mozilla app for Sea Monkey.
I use it too - it covers a lot more than just Sea Monkey.
48 posted on 01/13/2013 11:50:32 AM PST by oh8eleven (RVN '67-'68)
[ Post Reply | Private Reply | To 46 | View Replies]

To: oh8eleven

Thanks for the reply. SOrry to get back to you so late. Got sidetracked.
I looked in control panel, all programs, etc., etc. Nothing there. Disabled Javascript in Firefox and Explorer. From what I have been told, javascript and java are two different things. Javascript is O.K.?? Java is not?
Anyway, I even searched the C drive for “Java”. Only thing that comes up is Javascript in Adobe Reader 10.


49 posted on 01/13/2013 11:57:34 AM PST by mark3681
[ Post Reply | Private Reply | To 45 | View Replies]

To: oh8eleven

Thanks!!


50 posted on 01/13/2013 11:58:18 AM PST by Evil Slayer ((Onward, Christian soldiers, marching as to war....))
[ Post Reply | Private Reply | To 44 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-56 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson