Java Security Issues
Security researchers across the world have said web users are still at risk from flaws in Oracle’s Java, a software platform used across websites, despite the company issuing a patch to fix it.
The patch is meant to reduce vulnerabilities that were leaving people at risk of identity theft and credit card fraud. Adam Gowdiak, a researcher with Poland’s security exploration who has discovered several bugs in Java over the past 12 months said: “We don’t dear tell users that it’s safe to enable Java again”
Java is so widely used that the software has become a prime target for hackers. Last year, Java surpassed Adobe’s Reader software as the most frequently attacked piece of software, according to security software maker Kaspersky. A week before Oracle issued the patch, the US Department of Homeland Security advised people to disable Java. Bitdefender also advised people not to use it.
How will it affect you?
If you are committed to using Java, make sure you have updated it to the new-patched version. Being on the latest version won’t eliminate every risk, but it will ensure you are covered for existing threats, and it reduceds the chance of being hit by others.
Turning off Java is easy. In Chrome, type chrome://plugins in the address bar. Scroll down to the Java section and click ‘Disable’ you can easily turn it back on again following the same process.
In Firefox, go to Tools, Add-ons, and Plugins and click disable. Turning Java off in IE is more difficult, but you can easily remove it in Windows by going to the Control Panel and removing the software entirely.
Once you have done this, your browser will tell you when a site requires Java, giving you the option of turning it on if you trust the site.
What do I think?
All companies are hit by security holes – it’s impossible to keep bugs out of software as there are as many, if not more hackers looking for new ways to attack than there are security researchers looking to keep us safe.
We can’t blindly depend on web firms to keep us safe. We need to learn how to take defensive measures on our own. In this case, it’s relatively easy, and a good lesson. By turning off features and plug-ins you don’t use, you’ll leave fewer holes for attackers to sneak through and jeopardise your security.
However, it’s high time that the worst offenders – Oracle with Java and Adobe with PDF software and Microsoft with Windows, Office and IE – Improved their game and do more to protect us. When security is such an issue that government agencies are advising users to ditch software, it time to admit there is a problem.
Security experts say Oracle is as much as two years behind patching serious holes in its software. The company need to invest in improving its software or it could risk losing users.
Don’t wait for Oracle to catch up: disable Java now, you will cope without it.