Java, the new Adobe (+How To Protect Yourself)
Sun’s Java Earns Unhappy Distinction — The Hackers’ Favorite Target
Cybercriminal exploit attacks on Java have multiplied tremendously in number and they are proving to be incredibly effective.
First reported by Krebs On Security last week, now the Microsoft Malware Protection Center has a notice about the wave of Java exploitation they found when reviewing their monitoring data. In fact, the MMPC discovered that by the beginning of this year the number of exploits on Java code vulnerabilities well surpassed the number of Adobe exploits they monitored.
“What I discovered was that some of our exploit “malware” families were telling a scary story – an unprecedented wave of Java exploitation. In fact, by the beginning of this year, the number of Java exploits (and by that I mean attacks on vulnerable Java code, not attacks using JavaScript) had well surpassed the total number of Adobe-related exploits we monitored.”
Java is everywhere, but few people know what it is, or that it is even installed, as Java runs in the background. Java is used in a wide variety of computing platforms: from embedded devices and mobile phones on the low end, to enterprise servers and supercomputers on the high end.
What you should do: As I have mentioned here many times, the way these “exploits” get stopped is via vendor-released “patches” – better known as updates. Updates are your friend, and you want them.
(As a matter of fact, the Java patches have been out for some time..)
Keep your software up-to-date. Here’s the how to for Java.
1) Click the Start button then Control Panel.
2) Locate and click the Java icon
3) The Java “control panel” will open. Click on the Update tab.
4) Click the Update Now button. Then, OK.
Did you notice how the “Check for Updates Automatically” description says that Java will check for patches and hacker fixes on the 14th of each month?
In today’s world, that’s ridiculous. Once a month? C’mon.
So let’ fix that.
5) Click the Advanced button…
.. and change the radio button to either Weekly, or better yet, Daily. Then click OK.
Then click Apply and then OK again.
Sadly, folks, you are not done. Java has a nasty habit of leaving old versions of itself behind when it updates (why is that, Sun? Huh? Huh?) and these need to be removed.
1) You should still be in Control Panel so click on Programs and Features (“Add/Remove Programs” in Windows XP/Older)
1a.) Click “Uninstall or change a program” if you have to.
2) A list of the installed programs will “populate”. Look for, and then remove (click Uninstall) all but the most recent version of Java you find in the list. That is, all but the highest numbered one. There may be several entries…
Okay. now you’re done.
I know, I know! Seems like a pain. Sun could do a much better job with this. But, listen, please. Safety and security measures are always a bit inconvenient and require extra attention and effort. Your computer is no different. Take the time. Make the effort.
When you cross the street, you look both ways to make sure it’s safe. Staying safe on the Internet is similar. It takes some common sense steps — Stop. Think. Connect.
- Stop: Before you use the Internet, take time to understand the risks and learn how to spot potential problems.
- Think: Take a moment to be certain the path is clear ahead. Watch for warning signs and consider how your actions online could impact your safety, or your family’s.
- Connect: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.
STOP. THINK. CONNECT. Protect yourself and help keep the web a safer place for everyone.
* My thanks to Bryce at Technibble for the great write up which brought this to my attention.
Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.
>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<
| Share this post : |  |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Apple releases 41 patches for Leopard, Flash
Keeping your software patched and up-to-date is a vital part of safe(r) computing these days. I cannot recommend enthusiastically enough that you enable “automatic” updating wherever and whenever it is offered.
A “patch” (aka “update”) closes ‘holes’ (aka “vulnerabilities”) that hackers are “exploiting” to take control of, or plant malware on, (your) machines.
There is an active exploit out there for the Flash player (Those animations on Webpages) that affects anyone who has not disabled Flash– whether you’re running Windows, Mac, or Linux.
If you like having Flash animations, you should visit this page on the Adobe Website which will analyze your version of Flash Player to see if you need to update.
Mac users should visit Apple Update and get these important updates.
Today’s free link: A repeat today, because you really should know about this free tool: the Secunia Software Inspector will scan your machine’s installed programs and determine if they’re out-of-date, or there’s patches missing– and it will help you resolve the problems it finds.
Copyright 2007-8 © Tech Paul. All rights reserved.
post to jaanix
| Share this post : |  |
 |
|
|
|
|
|
 |
|
|
|
 |
It’s not your fault– how the Tech Industry is failing you
Your computer was infected with pop-up pornography because you visited a popular travel Website to look at hotel room prices in Orlando. And you have a well-known Company’s Internet Security Suite.
Or maybe, because your ISP promised you they’d scan all your e-mails for you, before they got into your Inbox.. you thought they really did, and you also thought that made your e-mail safe. You clicked on a link in one of those e-mails… (it said it was from your Uncle Victor..) and, voilà! Someone’s using your credit card.
In Malaysia.
To buy big-screen TV’s.
Like, six of them.. so far.
Perhaps you did neither of those things. But.. your friends wanna know why you’re sending them all this junk e-mail, and your ISP is threatening to turn you off if you don’t stop sending mass-mailings. Huh?
Turns out, you happen to have CoolProgram 6.0* on your machine, and a cracker has “exploited” the code and turned your machine into a spambot. Your machine has been merrily sending out thousands of e-mail come-ons for generic drugs, male enhancements, and penny stocks… all while you were asleep in bed.
Or you brought home a new digital picture frame…
Does this sound like a bad sci-fi movie to you? It does to me. But, sadly, this is our current reality.
You haven’t done anything wrong (or, really stupid) and you’ve even tried to protect your machine, but you got hijacked anyway.
I, for one, think there’s something seriously wrong with this state of affairs. When I think about the state of the Internet, I start feeling like that guy in the movie.. you know the one..
Why is this happening? Many reasons. Some are:
* Software companies are, to this day, releasing programs which contain insecure code.
* Hardware manufactures don’t include any extra features– like hard-wired security.
* In their rush to bring us new and exciting technology (he who’s first to market, wins), nobody stops and ponders the consequences.. or the vulnerabilities.
* For a long time, nobody took the hackers seriously enough.
* Cost. (I put this last because this can be offset.)
Believe it or not, there are steps the IT Industry can take to remedy a lot of this, and counteract this unsecured Internet. They could be doing much more to combat spam, malware, and hackers. There’s also steps we (us “consumers”) can take as well.. which space restriction has run out of room for today, and I will discuss tomorrow.
To be continued…
Today’s free link: I have recommended other graphics manipulation/image editing tools in the past, and it is only fitting that I give space to another winner: Paint.NET is simply the closest thing to Photoshop I have seen. 5 Star-rated by C/Net.
* Pick a program, any program. “CP 6.0” is simply my generic example.
*** Folks, like my new look? Hate it? Let me know by answering this 1 Question survey Click Here to take survey. ***
To read part 2, click here.
Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix
| Share this post : | |
|
|
|
|
|
|
|
|
|
|
|
• About Tech Paul
I am a Retired computer & network technician. I used to think the machines were pretty cool. Now I don’t.
They’re anything but.
I regularly posted how-to’s and tricks & tips and general computing advice here starting in 2007. (Use the Search tool to find answers. But be aware, many are rather dated.) Sometimes I answered (your) specific questions in an article if I believed the answer was generally helpful to “everyone”. All the writing you see was my own, typos and all. There always is/was an implied “IMHO” in what you see here.
Note: You are responsible for using this blog and its content. I am in no way liable for any losses caused by user error, viruses and/or other malware, hardware or software failure, or any other conceivable reason.
-
Say "thank you!" Buy Tech Paul a cup of coffee (and keep T4E ad free).
-
-
McAfee® Cybersafety Resource Portal, an online help center designed to assist victims of computer crime and provide information on how to avoid becoming a victim.
-
Subscribe to Tech--for Everyone by EmailRecent Comments
-
-
-
-
Also:
-
-
Tech - for Everyone 