Oracle fixes Java flaw after Homeland Security warning, cyber security expert still has concerns

NEW YORK — Oracle fixed a security flaw in its Java software Sunday after the Department of Homeland Security warned computer users to disable the software completely, citing a loophole that allows hackers to take control of their machines.

“Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system,” the agency said in an alert. “This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered.”

A European security researcher who blogs under the name Kafeine first discovered the vulnerability and posted it to his blog in a rare alert.

The homeland security agency said that it had confirmed that Microsoft Windows, Apple’s Mac OS X, and Linux platforms were all affected and that it was “unaware of a practical solution.” The agency had recommended that users disable Java in their Web browsers.

Recently, Oracle released a patch for the security hole. Apple stopped shipping its computers with Java enabled last year, largely because of security concerns, but it said it was remotely disabling the Java 7 plug-in on Macs where it had already been installed. Windows and Linux users can disable Java by following a guide on java.com, a website maintained by Oracle.

Oracle did not respond to a request for comment as this article went to print.

Java, a widely used programming language that runs on more than 850 million personal computers, has been the source of security problems before. Last year, hackers exploited a Java vulnerability to infect more than half a million Apple computers with a vicious form of malware in what was the largest-ever attack on the OS X operating system.

The cyber security chief at Griffith Colson Intelligence Service (GCIS), an intelligence communications and network support agency, said she still has concerns.

“I have recommended that our users keep Java disabled,” said Kayla Cohen, deputy director of cyber security at GCIS. “I am suspicious of the program and have encountered complaints from clients about the effects of this program on their computers. I still see Java users as vulnerable.”

Cohen said “it is better to be secure and safe” and added that the health of any computer is only as good as the user. Cohen operates the C.A.T.S. unit at Griffith Colson, which is the acronym for Cyber Assault Tactical Service.

The Shadowserver foundation, a nonprofit group that tracks computer-based threats, discovered that hackers had used a Java security hole to infect visitors to several foreign policy websites, including the websites of the International Institute for Counter-Terrorism, Amnesty International Hong Kong, and the Cambodian Ministry of Foreign Affairs.

What made the exploit particularly disconcerting was that it allowed attackers to download a malicious program onto victims’ machines without prompting. Users did not even have to click on a malicious link for their computers to be infected. The program simply downloaded itself.

This article first appeared in Israel Star Chronicle.

About securityteknews
Ralph Thomas is the author of over 32 books on various aspects of conducting investigations, founder and director of The National Association Of Investigative Specialists, and CEO of Thomas Investigative Publications, Inc, The Spy Exchange And Security Center and SpyTek Wholesale Imports. Thomas is a member of the Executive Security Council of Griffith Colson Intelligence Service, a private intelligence agency. Thomas's latest project is NAIStv on the Griffith Media TV Network. He has also developed a Native American store in Georgetown, Texas, called Tribal Impressions. You can review his personal home page at: http://www.pimall.com/thomas
