[See UPDATES below.]
Computer geeks and Internet intellectuals understand a great many things the average users of smart phones and computers do not. While these more enlightened sorts revel in the arcane language of code and intricate programming languages, the rest of us just use our phones and tap away on our computers without much thought as to what’s whirring behind the screens. We do follow basic security rules (create strong passwords, avoid unknown links, input security software, etc.), but given our general lack of useful geekery, we’re usually slow on the uptake when major security issues arise.
In an effort to alert those not so in-the-know, the media has been buzzing this weekend with cautionary articles warning people about a Java bug and why it’s important to pay attention.
Before we get into that, do this: go to your computer, go to your browser, select Preferences, then Security; in the “Web content” section, you’ll see a list of things you can block or enable. Unclick the box that says “Enable Java.” Go do that now, then come back here and finish reading this article. Go on…we’ll be waiting.
Okay, you’re back. Here’s the deal in a nutshell: Homeland Security has discovered a major flaw in “all versions of Java” and, until it is fixed, has cautioned people to disable Java software on their computers. From Forbes.com, in a piece titled Why The Java Bug Is A Big Deal:
If the announcement is correct, hackers might obtain access to any and all data that resides on an individual’s computer, cell phone, or other device. It is uncertain whether a hacker might be able to activate a computer’s video camera. According to some reports by technical publishers, the instructions needed to exploit the security flaw are readily available on the Internet. Until the security flaw is patched, Homeland Security is advising people to disable Java in any computer or device that accesses the Internet. […]
The reality is that the security flaw in the Java programming language will likely find vulnerabilities in a wide range of industries. Perhaps a firm’s research and development system is hacked and that company’s trade secrets and intellectual property find their way to a low-cost competitor in another country. Perhaps a firm’s inventory system is hacked and knowledge of shortages in certain equipment is used to squeeze the company by a supplier. And then, there are the banks with all of our financial data. Let your imagination run.
My imagination is running…I’ve disabled my Java, believe me.
The Oracle company announced this weekend that it was aware of the flaw and would have a fix as quickly as possible:
In a statement Saturday, the company said it was “aware of a flaw in Java software integrated with web browsers.”
The glitch is only in the JDK7 version of the software, and it “does not affect Java applications directly installed and running on servers, desktops, laptops and other devices,” the company said.
“A fix will be available shortly,” the company added. [Source: CTV News]
As of today, however, that fix has still not been announced and while Oracle claims the flaw will not impact your computer, Homeland Security stands by its warning for ALL users of the software to detach for the time being:
It’s rare for a government agency to recommend users completely disable a software program because of a security threat. Typically warnings will recommend taking steps to reduce risk while manufactures work on a security update.
That’s good enough for this ungeek. Until further notice, I’ve unchecked the “Enable Java” box. Probably wise for you to do the same.
[UPDATE: 12:38 pm PST 1.14.14: Though Oracle announced a fix and offers downloads for that purpose, security experts continue to believe it's best to keep Java disabled. Read details here.]