
Java attack – Are you in trouble?

Friday, January 11th, 2013

Homeland Security (USA) has warned all users to disable or uninstall Java because they’ve identified a vulnerability with the platform. Here’s their story.

Now, I’m not going to repeat that story. But BEFORE you even think of removing Java, here are a few things you need to pay attention to… And please don’t ignore this. It is serious!

1. Do you need Java?

Well, I do. My virtual classroom software is written in Java. So removing Java would mean the end of work. But that’s only one example. If you’re a business, you should check whether you really need this software. Perhaps you have one or more business applications running Java.

2. Are you online?

This may seem like a silly question in today’s context, but rethink this. There are applications like payroll, for example, that only depend on the local network or a stand-alone PC. If these apps can be run without depending on an Internet connection, then you might as well use them with the Internet unplugged on the system. This would be a way out at least until you find an alternative means of running those apps or until there’s a fix (which I don’t see as immediately available). But if you cannot afford to disconnect from a net connection, it’s best you remove Java 7.

3. Examples of Java applications:

The following is not a comprehensive list, but these are somewhat popular. So taking off Java means the end of these…

  • RuneScape – a browser-driven game
  • LogMeIn – Remote access application. Often used for troubleshooting (even by many Mac service folks). Even I used it once but I was more for TeamViewer.
  • VB6 (Visual Basic 6). No, VB6 is NOT Java-driven. But the installer needed a Java update. And since then you may have updated Java up to version 7; just maybe…
  • WizIQ – Virtual Classroom environment. I’ve been using this for some time now.
  • Select Oracle applications and certain other applications – For the front-end, they use Java.
  • Applets for alerts, games and website plug-ins or animations. A very old applet since the start of Java has been the fluttering flag. There are more like buttons and stuff.

4. Is OpenJDK vulnerable to this?

Since Oracle (the developers of Java) have licensing restrictions, not everyone is allowed to have Oracle’s Java platform. Thus came Open Java. So is OpenJDK vulnerable?

Answer: Seems not… READ THIS

However, it’s best to look away from Java-based solutions. Because of the nature of the language, you’re prone to bump into more (similar) issues in the future as well. And as a Java 7 user, your app might not work correctly on Open Java.

Should anyone need fixes or advice from experts, we’re just a few clicks away!

*** All trademarks acknowledged ***