Feds warn PC users to disable Java due to security flaw

This notice is not related to diabetes or TuDiabetes, specifically, but is an important security warning for any of our members and visitors who use PCs. Please continue reading.

Hackers could install malicious software, increasing vulnerability to identify theft or "botnets."

The Department of Homeland Security is urging computer users to disable or uninstall the Java programming language because of a serious security vulnerability.

The flaw in Java 7 "can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system," according to a warning posted Thursday by the U.S. Computer Emergency Response Team (CERT).

Hundreds of millions of consumers and businesses may be affected.

Hackers could exploit the flaw to install malicious software or malware that could make users vulnerable to identity theft or allow their computers to be exploited by "botnets" that could crash networks or be used to attack web sites.

"Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability," the warning adds.

DHS said it is "currently unaware of a practical solution to this problem."

Java was developed by Sun Microsystems, which Oracle bought in 2010. There's no indication when a security patch might be available, and Oracle had no comment Friday night, Reuters said.

Java allows programmers to write software using a single set of code that will run on almost any computer.

MacRumors reports that Apple has already disabled the Java 7 plug-in installed on Macs.

ZD Net first reported the so-called zero-day vulnerability. In a follow up, it showed how the flaw could be exploited.

See the original article.

Homeland Security??? The internet is filled with warnings. (and with urban legends) If this were really a Homeland Security issue wouldn't it be on the news?

It would help if I understood word 1 of the above copied info.

Emily , this notice is confusing for me ; I use CareLink , Medtronic for my pump uploads . I have not been able yet , when I upload my Veo pump to check if Java 7 is what is being used .

Would you recommend I connect with Medtronic Canada before the next upload ??? Thanks, N

I think it may be for real as this link explains. Sydney Morning Herals is one of our most respected newspapers:
http://www.smh.com.au/it-pro/security-it/experts-urge-pc-users-to-disable-java-cite-security-flaw-20130111-2ckog.html

It's real, or everyone has been fooled. Reuters is widely respected enough. http://uk.reuters.com/article/2013/01/11/us-java-security-idUKBRE90A0S320130111
Not a good ad for Oracle either.

Open your browser. Go to settings of Add-ons or Plug-ins. In this list you will find the Add-on called "Java(TM) Platform ...". Please disable this Plug-In so that the Browser is not using it anymore. After that the browser needs to be restarted. If you do not find these settings in your browser then switch to a browser like FireFox.

You can check the status of your Java Add-in by following this link and clicking on "check java version". The check should fail to detect Java.

Java has a zero-day exploit. This means a bug has been found that is ALREADY being used to hack computers. After the problem has been fixed by Oracle the Java Add-on can be enabled again. Of course this is interesting for homeland security. Our BSI in Germany has issued the same warning.

Here is the english page to check the installed java version.

Actually, I think a "zero day exploit" means that the vulnerability is now previously known and that victims are caught unaware and without defense. If the world becomes aware, then it is no longer zero day.

Thank you, Holger; some of us need explicit directions like this rather than complex techie talk! I guess if you guys all think it's something serious I'll pay attention. I think I better e-mail my college tech support though to see if Java impacts my courses which open Tuesday.

Hi Emily. When my Java is disabled, I get a message on the top of the TuD homepage saying that I need Java in order to use TuDiabetes! It turns out that I can comment (as I am now doing with Java disabled), but I can’s sign out. Is there any way to change TuD so that Java is not necessary for the complete use of TuD?

Disabling Java is a big problem for me actually – now I can’t get to my email!

P.S. I’m finding other problems after disabling Java, such as an inability to edit my comment or to see the Chat.

I think I was able with the help of your instructions Holger to enable ?? ...Thank You !! I kept this link on file
http://www.java.com/en/download/testjava.jsp

Is it possible that you have confused Java with JavaScript? JavaScript is not affected by the Java problem. It is just the Java Add-on that should be disabled not JavaScript.

You mean disable, right? The idea is to disable the Java add-on so the browser can not use it until it has been fixed. This means the check on the page should tell you that Java is disabled / not running.

Hi Holger, I found my Java control panel but didn't see where to disable it. I also went to add ons but it doesn't appear in that feature. I know I have Java 7 but don't know where to disable it, is there some where else that I can disable. Also does any know what we would use to upload our carelink as Nel touched on before and also other apps that need Java?

I was unable to find anything like settings and add-ons so I went to the "check java version" and it said "no java installed" so I'm good. Thanks Holger.

Well, I honestly am at a loss here. It is JavaScript that I disabled temporarily, which caused the problems that I listed.

My husband replaced our Java 7 with Java 6 an hour ago, hoping that would help. Java 6 seems to be working fine except for some reason, the photos on My Page are now not scrolling, even though they are scrolling on the TuD homepage. Problems, problems, problems!

It's the plug-in not the Java Virtual Machine which is what your husband replaced. Only enable the Java plug-in when doing critical stuff. Disable it when just surfing the Internet. Especially if you frequent Adult Sites! Joking of course.

As Holger said, Javascript has absolutely nothing in common with Java. They just stole the name as a marketing trick. It's a completely different programming language.

I would recommend to deinstall Java under Control Panel > Add/Remove Programs. Java Version 6 has security issues too. You do not need Java to use TuDiabetes. But you need JavaScript and it is safe to enable JavaScript. I would wait for the next update of the Java Engine. I am sure some people at Oracle work day and night to fix the problem.

JavaScripts are small program that can run safely in your browser. They often do useful things to make the use of the page more convenient. As you have experienced many things will not work if JavaScript is disabled. Java and JavaScript have only in common that they use the same language to write the program code.

If you are not sure and the link I have mentioned does not help then deinstall Java. Until a fix is available all the Apps needing Java can not be used. But I am sure a fix will be available soon - just a matter of days in my opinion.