These are 2 emails that I sent to my VA pump specialist about Java. I think they might be useful (especially the one from Feb. 19). In order to upload my pump data, I now use an old, barely functional laptop that is isolated from everything else that uses our home’s wifi.
August 8, 2017
In 2015, both Google and Microsoft stopped allowing any Java to run on their newest browsers because of its numerous security problems. They represent about two-thirds of the browser market for desktop computers.
MiniMed will not allow these browsers to use its site, because they use Java apps. They recommend Firefox instead. Funny thing is that in 2015, Firefox announced it was in the process of ending Java support. “Mozilla continues to work with the Oracle Java Platform Group to ensure a smooth transition for those web sites that use Java.” blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/
US-CERT (Computer Emergency Readiness Team) is part of the Department of Homeland Security. In 2013, Java vulnerabilities prompted the US-CERT to encourage the public to disable Java unless it’s absolutely necessary.
On July 5, 2017, the U.S. Computer Security Resource Center’s National Vulnerability Database reported yet another “HIGH” vulnerability from a commonly used Java plug-in (Password.Java) because it allows hackers to capture user passwords. nvd.nist.gov/vuln/detail/CVE-2017-9735#vulnDescriptionTitle
Java was created by Oracle. It’s ending support for its own product. “Oracle plans to deprecate the Java browser plugin in JDK 9. This technology will be removed from the Oracle JDK and JRE” blogs.oracle.com/Java-platform-group/moving-to-a-plugin-free-web
Veracode, a key software security firm, says “97 percent of all Java applications we assessed had at least one component with a known vulnerability.” www.veracode.com/blog/secure-development/what-developers-should-know-about-state-software-security
I haven’t allowed any Java code to run on my computer for about 5 years now. Since I visit the Greenbrier Valley VA clinic at least once every 2 weeks, would it be okay if I let the heavily firewalled VA computer network there upload my pump and glucometer data on a regular basis?
If not, each time I need to upload the data, I’ll install Java and then quickly delete it.
Thanks! (very, very much! This new pump is great and it’ll be even better with the CGM.)
Feb. 19, 2018
I just tried to upload the current pump and glucometer data for you. When I clicked “upload” on the Medtronic site, I got a message saying the Federal Trade Commission had sued Oracle for making allegedly deceptive security claims about Java. It had a link to click to “update Java”. Stupidly, I clicked it. Now the Medtronic upload page is dead and I’ve got to clean some hidden malware from my computer. I didn’t suspect the link because the FTC had sued Oracle (the maker of Java) back in 2015 and I just thought they had sued them again. I hate Java on browsers. Medtronic probably tells people that 3 billion devices use Java so it must be okay. True, but that is “pure” Java, not the ■■■■■■■■ browser add-on that everyone except Firefox banned years ago. I’m sorry for dumping, but I was momentarily feeling a bit better because of the Medtronic sensors arriving. Now I’m crying and trying not to throw my computer out the window.