I hate Java. There, I said it. Any IT pro who has had to support multiple versions of this malware breeding ground knows that Java is a complete nightmare. I detested dealing with Java when I was an administrator/engineer. Well, the chickens have come home to roost for Oracle.
A commercially available attack hacker toolkit called Blackhole includes the ability to attack the latest version of Oracle Java on all platforms, including Windows, Mac OS, and Linux. Attacks are already in the wild. These drive-by attacks silently attack the Java VM when a user browses the web site, leaving the machine vulnerable to being taken over.
If you want to find out if your version of Java is vulnerable to any security flaws then you can check it on this website. I can save you a mouse click: your Java is vulnerable because … all versions of Java are vulnerable:
“Oracle knew about zero-day Java vulnerabilities for months, researcher says” according to Computerworld. I read on The Register claims that Oracle has known about the vulnerabilities since April. Oracle are sticking silently to their patching schedule, and won’t patch the vulnerabilities until mid October. That’s responsible of Oracle, eh? Not!
So with no patch to secure Java (there’s an impossibility!), security experts are recommending that you disable Java in your browser. I’d go one step further: uninstall the sh1te and find alternative applications/banks that understand the need for security. Anyone who continues to recommend or sell Java-based apps should be ignored, fired, thrown off of a cliff (joking about the last action … I think).
“The most commonly observed types of exploits in 1H11 were those targeting vulnerabilities in the Oracle (formerly Sun) Java Runtime Environment (JRE), Java Virtual Machine (JVM), and Java SE in the Java Development Kit (JDK). Java exploits were responsible for between one-third and one-half of all exploits observed in each of the four most recent quarters” – A report in 2011.
As for Microsoft software having vulnerabilities; yes – any large software does, including Linux, Android and Mac OS. You’re a naive moron if you think otherwise. Where Microsoft rises above the competition is that they deal with the issues as they arise, release patches, and scream from the mountain tops to get you to patch. They even give you simple free, and enterprise tools to automate this. But naive morons don’t want to listen because they have their heads up their asses:
- 23/09/2008: Microsoft released a security patch that would have prevented Conficker
- 24/11/2008: Conficker is first discovered 1 month after Microsoft released the patch
- Mid-2011: Conficker is still the #1 malware present on domain-joined (business) PCs, thanks to the naive, professionally negligent, morons who think they know better
Check yourself and your facts before you fire out stupid comments about Microsoft just cos you’ve gotten into bed with a malware breeding ground like Java.
Oracle has since released an update. I don’t have Java on my machines so I can’t tell you anything more about it. I believe the Java updater only looks for updates once per month.
This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.