[Jakob1406]

Hi,

There has been a big storm around the security of Java lately.
Several governments has advised the public to disable Java due to the recently discovered 0-day breach.

Should I really be that concerned?
The breach has been there since they "patched" it last one in October, and as I understand it hackers have known about it far longer than we have.
I kind of think the media is blowing this out of proportion (it wouldn't be the first time...).

Could someone with actual tech expertise give me some pointers, so that I don't have to rely on what the media is trying to sell me.

I'm sure a lot of people are asking the same questions, so a quick response would be much appreciated!

Jakob

[Advertisements]

The bottom line is .. As Java is installed on so many systems then it is the biggest malware target out there.
Just two of the many items written about this Here and Here

Suffice it to say that unless you desperately need Java on your system then uninstall it

The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year’s Gift,” to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack.

According to both crimeware authors, the vulnerability exists in all versions of Java 7, including the latest — Java 7 Update 10. This information could not be immediately verified, but if you have Java installed, it would be a very good idea to unplug Java from your browser, or uninstall this program entirely if you don’t need it. I will update this post as more information becomes available.

Krebs on Security

[Essexboy]

The bottom line is .. As Java is installed on so many systems then it is the biggest malware target out there.
Just two of the many items written about this Here and Here

Suffice it to say that unless you desperately need Java on your system then uninstall it

The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year’s Gift,” to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack.

According to both crimeware authors, the vulnerability exists in all versions of Java 7, including the latest — Java 7 Update 10. This information could not be immediately verified, but if you have Java installed, it would be a very good idea to unplug Java from your browser, or uninstall this program entirely if you don’t need it. I will update this post as more information becomes available.

Krebs on Security

[Jakob1406]

Thank you for the quick response!

Sadly, I need it for now...
How would you rate this threat? Is it as bad as they say?

[Essexboy]

Lets put it this way.. I do not have java on my system and I believe it to be real

[Jakob1406]

Well they've patched it for now. It'll be interesting to see how long it lasts this time...
Thank you for your advice!

Thread closed.