U.S. says Java still risky, even after security update

Tue Jan 15, 2013 4:25am IST

A sign is shown at the headquarters of Oracle Corporation in Redwood City, California February 2, 2010. Picture taken February 2, 2010. REUTERS/Robert Galbraith/Files

A sign is shown at the headquarters of Oracle Corporation in Redwood City, California February 2, 2010. Picture taken February 2, 2010.

Credit: Reuters/Robert Galbraith/Files

Related Topics

Stocks

   

REUTERS - The U.S. Department of Homeland Security warned that a security update of Oracle Corp's ORCL.O Java software for Web browsers does not do enough to protect computers from attack, sticking to its previous advice that the programme be disabled.

"Unless it is absolutely necessary to run Java in web browsers, disable it," the Department of Homeland Security's Computer Emergency Readiness Team said on Monday in a posting on its website.

The software maker released an update to Java on Sunday, just days after the government issued its initial warning on the software, saying that bugs in the program were being exploited to commit identity theft and other crimes.

Security experts have warned that PCs running Java in their browsers could be attacked by criminals seeking to steal credit-card numbers, banking credentials, passwords and commit other types of computer crimes.

The Java software platform, created in the mid-1990s, enables developers to write one set of code that will run on PCs running on Microsoft Corp's (MSFT.O) Windows, Apple Inc (AAPL.O) Macs and servers running on the Linux operating system.

Security experts say the bugs only affect one part of the platform - software that plugs into Internet browsers.

While some researchers have long complained the software was buggy, it started generating more public scrutiny last year after a security scare in August.

"It's not like Java got insecure all of a sudden. It's been insecure for years," said Charlie Miller, a computer engineer with Twitter who has previously worked as a security consultant to Fortune 500 firms and as an analyst with the National Security Agency.

Java was responsible for 50 percent of all cyber attacks last year in which hackers broke into computers by exploiting software bugs, according to Kaspersky Lab.

Public interest in the issue surged last week as the Department of Homeland Security advised the general public to stop using Java and consumers turned for information on how to implement the agency's advice.

To disable Java on a Windows PC, go to the machine's Control Panel. Open the Java icon, click on the Security panel and uncheck the box for "enable Java content in the browser."

Further information is available from Oracle on its Java website here

Oracle's shares were little changed, up 13 cents at $34.99.

(Reporting by Jim Finkle; Editing by M.D. Golan and Andre Grenon)

FILED UNDER:
Photo

After wave of QE, onus shifts to leaders to boost economy

DAVOS, Switzerland - Central banks have done their best to rescue the world economy by printing money and politicians must now act fast to enact structural reforms and pro-investment policies to boost growth, central bankers said on Saturday.

Earnings Season

Reuters Showcase

Obama In India

Obama In India

In parting shot, Obama prods India on religious freedom.  Full Article 

Market Rally

Market Rally

Sensex, Nifty hit record high for fifth straight session.  Full Article 

Restructuring

Restructuring

Max India to be split into three separate companies.  Full Article 

India’s Male Tenor

India’s Male Tenor

India’s lone male tenor wants to ‘Indianise’ opera  Full Article 

Indian Equities

Indian Equities

Hornbill raising $250 mln to invest in equities - partner.  Full Article 

Ratings Downgrade

Ratings Downgrade

S&P downgrades Russia's sovereign credit rating to "junk".  Full Article 

Facebook Outage

Facebook Outage

Facebook takes blame for service outages, which hit wider Web.  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device  Full Coverage