{"id":1934,"date":"2013-01-14T20:40:40","date_gmt":"2013-01-14T20:40:40","guid":{"rendered":"https:\/\/blogs.swarthmore.edu\/its\/?p=1934"},"modified":"2013-01-14T20:40:40","modified_gmt":"2013-01-14T20:40:40","slug":"java-the-hackers-best-friend","status":"publish","type":"post","link":"https:\/\/blogs.swarthmore.edu\/its\/2013\/01\/14\/java-the-hackers-best-friend\/","title":{"rendered":"Java – The Hacker’s Best Friend"},"content":{"rendered":"

Some of you may have heard that a significant security vulnerability was disclosed recently that affects pretty much all versions of Java. Oracle (who now owns Java) seemed to be dragging their feet on providing a fix until they felt some heat from the U.S. Government. A fix was made available today but only for users of Java version 7. Java runs on all operating systems so Mac users are impacted along with PC users. \u00a0Note:<\/em> there won’t be a fix available for Mac users with Snow Leopard or earlier<\/span> so your best option is to totally disable Java.<\/em><\/p>\n

How do you know if you have Java installed?<\/strong>
\nClick on this link to find out: http:\/\/www.java.com\/en\/download\/installed.jsp<\/a><\/p>\n

If you don\u2019t need Java (not to be confused with JavaScript), you should uninstall it or, for Windows, disable browser use in the Java Control Panel (see http:\/\/www.java.com\/en\/download\/help\/disable_browser.xml<\/a>). In addition to the Department of Homeland Security<\/a>, many security industry experts are recommending that Java be disabled immediately<\/span> (fix or no fix).<\/p>\n

Unfortunately, a number of us require Java for applications that we use at work (including for web apps like GoToMeeting and WebEx).\u00a0 So, if you absolutely must keep Java installed, you should strongly consider disabling Java in all<\/strong> your browsers except the one that you access Java-based applications with.\u00a0 Use that one browser just for your Java-based applications.\u00a0 Use your other browsers, the ones with Java disabled, to access the Internet.<\/p>\n

Below are steps to disable Java in all browsers except Internet Explorer (so IE is a good choice for the browser where Java is left enabled).<\/p>\n

Firefox<\/span>
\n1.\u00a0\u00a0 \u00a0Click on the Firefox<\/strong> tab (or Tools) then and then select Add-ons<\/strong>
\n2.\u00a0\u00a0 \u00a0In the Add-ons Manager window, select Plugins<\/strong>
\n3.\u00a0\u00a0 \u00a0Click Java (TM) Platform<\/strong> plugin to select it
\n4.\u00a0\u00a0 \u00a0Click Disable<\/strong> (if the button displays Enable then Java is already disabled)<\/p>\n

Safari<\/span>
\n1.\u00a0\u00a0 \u00a0Choose Safari Preferences<\/strong>
\n2.\u00a0\u00a0 \u00a0Choose the Security<\/strong> option
\n3.\u00a0\u00a0 \u00a0Deselect Enable Java<\/strong>
\n4.\u00a0\u00a0 \u00a0Close Safari Preferences window<\/p>\n

Chrome<\/span>
\n1.\u00a0\u00a0 \u00a0Type about:plugins<\/strong> in the browser address bar.
\n2.\u00a0\u00a0 \u00a0In the Plugins panel, scroll to the Java section. Click Disable<\/strong> to disable the Java Plug-in.
\n3.\u00a0\u00a0 \u00a0Close and restart the browser to enable the changes<\/p>\n

While you\u2019re diligently dealing with this Java mess, you should go ahead and update your installed Adobe products (Reader, Flash and AIR) and install the most recent Microsoft patches (for Windows machines).\u00a0 Significant security vulnerabilities in these software packages were also patched recently and should be installed as soon as possible.<\/p>\n

With all these patches needing installation for various applications, it\u2019s difficult to keep track.\u00a0 I still recommend using BrowserCheck from Qualys (browsercheck.qualys.com<\/a>) for what amounts to a quick, one-click assessment of missing security patches on your Mac or PC.\u00a0 It\u2019s free and there\u2019s no registration required.\u00a0 I\u2019ve written about BrowserCheck previously here:<\/p>\n

https:\/\/blogs.swarthmore.edu\/its\/2010\/10\/18\/give-your-computer-a-fighting-chance\/<\/a>
\nhttps:\/\/blogs.swarthmore.edu\/its\/2011\/06\/15\/update-your-browser-save-your-computer\/<\/a>
\nhttps:\/\/blogs.swarthmore.edu\/its\/2012\/03\/12\/update-everything\/<\/a><\/p>\n

In summary, if you don’t need Java, get rid of it.
\nNick<\/p>\n","protected":false},"excerpt":{"rendered":"

Some of you may have heard that a significant security vulnerability was disclosed recently that affects pretty much all versions of Java. Oracle (who now owns Java) seemed to be dragging their feet on providing a fix until they felt some heat from the U.S. Government. A fix was made available today but only for users of Java version 7. Java runs on all operating systems so Mac users are impacted along with PC users. \u00a0Note: there won’t be a fix available for Mac users with Snow Leopard or earlier so your best option is to totally disable Java. How … Continue reading Java – The Hacker’s Best Friend<\/span><\/a><\/p>\n","protected":false},"author":41,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[96,97],"tags":[],"class_list":["post-1934","post","type-post","status-publish","format-standard","hentry","category-security","category-software"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/ph2nPL-vc","_links":{"self":[{"href":"https:\/\/blogs.swarthmore.edu\/its\/wp-json\/wp\/v2\/posts\/1934","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.swarthmore.edu\/its\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.swarthmore.edu\/its\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.swarthmore.edu\/its\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.swarthmore.edu\/its\/wp-json\/wp\/v2\/comments?post=1934"}],"version-history":[{"count":17,"href":"https:\/\/blogs.swarthmore.edu\/its\/wp-json\/wp\/v2\/posts\/1934\/revisions"}],"predecessor-version":[{"id":1946,"href":"https:\/\/blogs.swarthmore.edu\/its\/wp-json\/wp\/v2\/posts\/1934\/revisions\/1946"}],"wp:attachment":[{"href":"https:\/\/blogs.swarthmore.edu\/its\/wp-json\/wp\/v2\/media?parent=1934"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.swarthmore.edu\/its\/wp-json\/wp\/v2\/categories?post=1934"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.swarthmore.edu\/its\/wp-json\/wp\/v2\/tags?post=1934"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}