This notice is not related to diabetes or TuDiabetes, specifically, but is an important security warning for any of our members and visitors who use PCs. Please continue reading.

Hackers could install malicious software, increasing vulnerability ...

The Department of Homeland Security is urging computer users to disable or uninstall the Java programming language because of a serious security vulnerability.

The flaw in Java 7 "can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system," according to a warning posted Thursday by the U.S. Computer Emergency Response Team (CERT).

Hundreds of millions of consumers and businesses may be affected.

Hackers could exploit the flaw to install malicious software or malware that could make users vulnerable to identity theft or allow their computers to be exploited by "botnets" that could crash networks or be used to attack web sites.

"Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability," the warning adds.

DHS said it is "currently unaware of a practical solution to this problem."

Java was developed by Sun Microsystems, which Oracle bought in 2010. There's no indication when a security patch might be available, and Oracle had no comment Friday night, Reuters said.

Java allows programmers to write software using a single set of code that will run on almost any computer.

MacRumors reports that Apple has already disabled the Java 7 plug-in installed on Macs.

ZD Net first reported the so-called zero-day vulnerability. In a follow up, it showed how the flaw could be exploited.

See the original article.

Tags: JAVA, PC, hackers, security

Views: 856

Reply to This

Replies to This Discussion

Homeland Security??? The internet is filled with warnings. (and with urban legends) If this were really a Homeland Security issue wouldn't it be on the news?

It would help if I understood word 1 of the above copied info.

Emily , this notice is confusing for me ; I use CareLink , Medtronic for my pump uploads . I have not been able yet , when I upload my Veo pump to check if Java 7 is what is being used .

Would you recommend I connect with Medtronic Canada before the next upload ??? Thanks, N

I think it may be for real as this link explains. Sydney Morning Herals is one of our most respected newspapers:
http://www.smh.com.au/it-pro/security-it/experts-urge-pc-users-to-d...

It's real, or everyone has been fooled. Reuters is widely respected enough. http://uk.reuters.com/article/2013/01/11/us-java-security-idUKBRE90...
Not a good ad for Oracle either.

Open your browser. Go to settings of Add-ons or Plug-ins. In this list you will find the Add-on called "Java(TM) Platform ...". Please disable this Plug-In so that the Browser is not using it anymore. After that the browser needs to be restarted. If you do not find these settings in your browser then switch to a browser like FireFox.

You can check the status of your Java Add-in by following this link and clicking on "check java version". The check should fail to detect Java.

Java has a zero-day exploit. This means a bug has been found that is ALREADY being used to hack computers. After the problem has been fixed by Oracle the Java Add-on can be enabled again. Of course this is interesting for homeland security. Our BSI in Germany has issued the same warning.

Here is the english page to check the installed java version.

Thank you, Holger; some of us need explicit directions like this rather than complex techie talk! I guess if you guys all think it's something serious I'll pay attention. I think I better e-mail my college tech support though to see if Java impacts my courses which open Tuesday.

I was unable to find anything like settings and add-ons so I went to the "check java version" and it said "no java installed" so I'm good. Thanks Holger.

I think I was able with the help of your instructions Holger to enable ?? ...Thank You !! I kept this link on file
http://www.java.com/en/download/testjava.jsp

You mean disable, right? The idea is to disable the Java add-on so the browser can not use it until it has been fixed. This means the check on the page should tell you that Java is disabled / not running.

shows you Holger , that I don't even know the lingo : disable it is ..thanks again . As a follow up , I plan to call Medtronic Canada tomorrow as well

Actually, I think a "zero day exploit" means that the vulnerability is now previously known and that victims are caught unaware and without defense. If the world becomes aware, then it is no longer zero day.

RSS

Advertisement



REsources

From the Diabetes Hands Foundation blog...

Where are you Medicare? The elephant was not in the room

  This was the question burning in people’s mind and passionately talked about yesterday and today at the General Sessions of the AACE/ACE Consensus Conference on Glucose Monitoring, an event to bring together in Washington, DC all relevant stakeholders to Read on! →

#MedicareCoverCGM Panel Discussion

If you follow the diabetes online community, you know that #MedicareCoverCGM is a big deal. We have continued to raise awareness on #MedicareCoverCGM because we believe that ALL people living with diabetes should have access to continuous glucose monitors (CGM). With Read on! →

Diabetes Hands Foundation Team

DHF TEAM

Manny Hernandez
(Co-Founder, Editor, has LADA)

Emily Coles
(Head of Communities, has type 1)

Mila Ferrer
(EsTuDiabetes Community Manager, mother of a child with type 1)

Mike Lawson
(Head of Experience, has type 1)

Corinna Cornejo
(Development Manager, has type 2)

Desiree Johnson  (Administrative and Programs Assistant, has type 1)


DHF VOLUNTEERS


Lead Administrator

Bradford (has type 1)


Administrators

Lorraine (mother of type 1)
Marie B (has type 1)

Brian (bsc) (has type 2)

Gary (has type 2)

David (dns) (type 2)

 

LIKE us on Facebook

Spread the word

Loading…

This website is certified by Health On the Net Foundation. Click to verify. This site complies with the HONcode standard for trustworthy health information: verify here.

© 2014   A community of people touched by diabetes, run by the Diabetes Hands Foundation.

Badges  |  Contact Us  |  Terms of Service