Here we go again...

Uninstall

I used one financial website application that wouldn't run for me now that I have uninstalled JAVA. Their website wanted to install the latest JAVA update to run their application, which I declined. Customer service wanted to assure me its safe since they use HTTPS. I doubt that would solve the JAVA security issue so I told them no thanks. Fortunately, they have a new application that uses Adobe Air to provide most of the same information. I hope its more secure than JAVA.

I used one financial website application that wouldn't run for me now that I have uninstalled JAVA. Their website wanted to install the latest JAVA update to run their application, which I declined. Customer service wanted to assure me its safe since they use HTTPS. I doubt that would solve the JAVA security issue so I told them no thanks. Fortunately, they have a new application that uses Adobe Air to provide most of the same information. I hope its more secure than JAVA.

This site is a good place to start studying your software.

http://www.cvedetails.com/product/11602/Adobe-Adobe-Air.html?vendor_id=53

Here's the latest, probably half-fixed, update 13.

http://www.v3.co.uk/v3-uk/news/2241063/oracle-rushes-out-another-java-update

Here's the latest, probably half-fixed, update 13.

http://www.v3.co.uk/...her-java-update

Thanks for that. You'd like to think they'd get it right this time as they really don't want to keep on releasing updates that don't solve the issue.

They won't.

They won't.

Yep, I'm starting to think that they want to kill off Java so they can join the rest of us in the 21st century. God Oracle is a dinosaur.

Hackers strike big using JAVA again:

http://www.zdnet.com/facebook-apple-hacks-could-affect-anyone-heres-what-you-can-do-7000011520/?s_cid=e539

Hackers are exploiting a previously unknown and currently unpatched vulnerability in the latest version of Java to surreptitiously infect targets with malware, security researchers said Thursday night.

The critical vulnerability is being exploited to install a remote-access trojan dubbed McRat, researchers from security firm FireEye warned. The attacks work against Java versions 1.6 Update 41 and 1.7 Update 15, which are the latest available releases of the widely used software. The attack is triggered when people with a vulnerable version of the Java browser plugin visit a website that has been booby-trapped with attack code. FireEye researchers Darien Kindlund and Yichong Lin said the exploit is being used against "multiple customers" and that they have "observed successful exploitation."

The security of Java is reaching near-crisis levels as reports of new in-the-wild exploits have become an almost weekly occurrence over the past few months.

http://arstechnica.com/security/2013/03/another-java-zero-day-exploit-in-the-wild-actively-attacking-targets/

I've been testing FireEye this week. It actually gives you a nice look at the infection vector.

A particular (and valid) site gets hacked and the hackers simply divert a link elsewhere so the website A/V doesn't pick it up.

It quietly downloads java to your PC and hey presto!

Really, just turn it off. It's beyond a ****ing joke.