Microsoft warns of Java exploit rise

Both my sister and my wife sent me a document that refers to this link: Microsoft warns of Java exploit rise | ZDNet UK.

I looked into it and it seems valid. I updated my Java and removed the old version. I'm posting this for my friends who read my blog so you can have this information for your benefit. Here is what was on that document:

December 2010

Increase in Java Exploits
From the Desk of Bruce Showel 

Java is a programming and computing platform widely used for stand-alone and web-based applications/applets, including utilities, games, and business applications. The platform was first released by Sun Microsystems in 1995. Many applications and websites require end-users to have Java installed, and the software is used extensively because of its flexibility. Once a program has been created and compiled in Java, it will run on a variety of software and operating system platforms (such as Windows and Macs). 

What are the potential cyber security concerns?
There has been a rapid increase in the amount of malware that attempts to exploit vulnerabilities in Java. In the second quarter of 2010, there were an estimated 500,000 exploits, up from virtually zero a year before. Between Q2 2010 and the middle of Q3, that figure had increased to more than six million.

The attacks are based in part on older versions of Java. When a newer version of Java is released and installed on a machine, the older version does not automatically get uninstalled. This behavior was intended to provide an easy way to roll back to an older version in case of compatibility issues. However, there is exploit code publicly available on the Internet that hackers are using which detects whether previous versions of Java are installed on a user’s machine and exploits the vulnerabilities that exist in those versions.

What can I do to be safe?
It is important that users install the latest version of Java released by Oracle. To confirm the correct version, visit the following site: http://www.java.com/en/download/installed.jsp.

Because older versions of Java are not automatically removed when newer versions are installed, it is recommended that users take the extra step of uninstalling the older versions if they are not needed. The uninstallation can be accomplished by using an application known as JavaRa, which is designed to remove all traces of older Java installations on your system.

Home users typically do not need the older versions of Java installed once they have upgraded their Java software and should follow the steps below to remove the older versions of Java.

To remove Java software using the JavaRa tool:
• Download the tool from: http://raproducts.org/wordpress/software
• Once this tool is downloaded, perform the following steps:
    • Double click on JavaRa.zip
    • Locate the file named JavaRa.exe
    • When prompted whether or not you want to allow the program to run, click run.
    • From the drop down box, select your language and click on the Select button.
    • Now that the program is running, you can Search for Java Updates or Remove Older Versions of Java.
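To check whether older Java versions are still registered on a Windows machine, before or after cleanup, the following is an added example and not part of the original newsletter or the JavaRa tool. It assumes the classic Sun/Oracle layout in which each installed JRE has a subkey such as `1.6.0_22` under `HKLM\SOFTWARE\JavaSoft\Java Runtime Environment`; the function names and the sample list are constructed for illustration.

```python
import re

# Registry locations where the Sun/Oracle installer records each JRE
# (the second is the 32-bit view on 64-bit Windows). Assumed layout.
JRE_KEYS = (
    r"SOFTWARE\JavaSoft\Java Runtime Environment",
    r"SOFTWARE\WOW6432Node\JavaSoft\Java Runtime Environment",
)
# Full version subkeys look like "1.6.0_22"; aliases such as "1.6" are skipped.
_FULL = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$")


def parse_version(name):
    """Return a sortable tuple for '1.6.0_22', or None for alias keys."""
    m = _FULL.match(name)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def stale_versions(subkey_names):
    """Given JRE subkey names, return (newest, sorted list of older ones)."""
    versions = {n for n in subkey_names if parse_version(n)}
    if not versions:
        return None, []
    newest = max(versions, key=parse_version)
    older = sorted(versions - {newest}, key=parse_version)
    return newest, older


def read_installed_jres():
    """Enumerate JRE subkeys from the live registry (Windows only)."""
    import winreg  # imported lazily so the parsing logic runs anywhere
    names = []
    for path in JRE_KEYS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                for i in range(winreg.QueryInfoKey(key)[0]):
                    names.append(winreg.EnumKey(key, i))
        except OSError:
            pass  # key absent: no JRE registered in this view
    return names


# Constructed sample: subkeys as they might appear after several upgrades.
SAMPLE = ["1.5", "1.5.0_22", "1.6", "1.6.0_07", "1.6.0_22", "1.6.0_22"]

if __name__ == "__main__":
    newest, older = stale_versions(SAMPLE)
    print("newest:", newest, "| older versions still installed:", older)
```

On a Windows machine, pass `read_installed_jres()` to `stale_versions()` instead of `SAMPLE`; any entry in the returned list is an older JRE that is still registered and a candidate for removal.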

Please note that the Multi-State Information Sharing and Analysis Center (MS-ISAC), a division of the Center for Internet Security, makes no warranties, express or implied, as to the safety and reliability of the JavaRa application.

We encourage enterprise users to check with their respective Information Technology (IT) Department and Information Security Office (ISO) prior to downloading, installing, and using this or any product. Additionally, always ensure that your anti-virus and anti-spyware products are up-to-date.

For More Information:

Microsoft:
http://blogs.technet.com/b/mmpc/archive/2010/10/18/have-you-checked-the-java.aspx 

JavaRa:
http://raproducts.org/wordpress/software
http://raproducts.org/javara.html 

ZDNet:
http://www.zdnet.co.uk/blogs/security-bullet-in-10000166/microsoft-warns-of-java-exploit-rise-10020826/ 

Techworld:
http://news.techworld.com/security/3246147/mac-users-hit-with-windows-style-koobface-trojan/ 

Cisco:

SANS Internet Storm Center:   


