DHS is urging computer users to disable or uninstall Java due to a serious flaw in JRE 7. The DHS’ Computer Emergency Readiness Team warned Thursday evening that the flaw was being exploited in the wild and could allow an attacker to execute arbitrary code on vulnerable systems. CERT recommended that Java be disabled in Web browsers. This isn’t Java’s first encounter with zero-day exploits. “I’ve said it before and I’ll say it again; if you don’t need Java, disable it,” said Andrew Storms, director of security operations at nCircle.
And, this one is just lovely confusing. Why? Because there is java, and javascript. The latter is impossible to avoid using at all, but, presumably, wouldn't have the same exploits. The other... is ***mandatory*** when visiting certain sites, where the existing javascript + browser features can't do what is necessary to deliver a result. A good example of that being apps that show how certain things work in math (since you need to be able to adjust variables, and have the animation change, based on that, and javascript doesn't do either of those things well). Why? Because one is a script language, the other is an actual language. And, of course, this is also what makes it more dangerous. It can do things on the machine that the other ones just can't.
Generally though, if they mean Javascript, not "java"... then you would be breaking like 99.9% of all web pages out there. But, you don't need the full-blown thing, for 98% of them. But, the average user, which is to say, the sort of people that might not also have plugins installed to prevent script from running, unless allowed/whitelisted, etc., and wouldn't know what is safe, are not going to have a clue what the difference is.
Jettisoning Java: Damned if You Do, Damned if You Don't
Posted by: Erika Morphy January 12, 2013 07:00 AM