Department of Homeland Security reports Java exploit.

Comments

• YoshoKatana

  January 2013

  Tru Fax. Also, rails had a recent exploit, so you should update that shit if you're running it.
• Walker

  January 2013

  I hear there's money in programming.
• HMTKSteve

  January 2013

  Minecraft?
• Apreche

  January 2013 edited January 2013

  This has always been true. I never have Java installed, except if I have been playing Minecraft. Even then, I disable all Java in the browser. Only allow local Java apps like MInecraft to run. The number one cause of all security issues on normal computers has been Java running in browsers. Use to be Flash/Acrobat Reader, but not so much anymore.

  Post edited by Apreche on January 2013
• George Patches

  January 2013

  I goberment has lots of stuff running on java and their java is generally old as shit.
• Apreche

  January 2013

  I goberment has lots of stuff running on java and their java is generally old as shit.

  Pretty sure lots of Google is written in Java also, but the JVM they run is written by Google, not by Oracle/Sun.
  
  Really running a locally installed Java app like Minecraft, even with an old version, is not the security issue. The issue is if you browse the web and allow Java to execute Java from untrusted sources. I doubt anyone is on a government production Java server and browsing the web with Java enabled in the browser. I guess you might also be stupid and download a java app in an email attachment and run it. Doubt that is happening either.
  
  The real danger here is if your company has an app where the client is an in-browser Java applet. Then all employees using that app have vulnerable browsers. If those employees are browsing the general web, unrestricted, with those browsers, then your company is in danger. If the Java application is just a typical server-side thing, it's not an issue.