Homeland Security urges computer users to disable Java

What do our security gurus out there think about this article…

Homeland Security urges computer users to disable Java

Debbie

Unless you specifically have applications installed that need Java there is no reason to have it. At the very least you could completely disable it in your web browser as web pages that use Java applets are extremely rare. Turning it off in the browser would not affect pages running Java on the server to generate the pages as that Java is not running on your computer.

So you make it sound like there is little to lose by disabling the Java Plug-In in my Browser (Firefox in my case) and a lot to gain as far as security…

Debbie

I got Webroot. Hasn’t failed me yet.

What’s that? :-/

Debbie

Webroot antivirus. Works well - works in the background - quarantines things without even asking. It’s user friendly basically.

I just saw a report that claims that there are major security holes in the latest version of Java that ARE being exploited to break into people’s computers - that report recommends that EVERYONE, as a minimum, disable Java in their browser.

I just made a blog post at http://felgall.net/?p=3466 that provides step by step instructions on how to do this in IE, Firefox, Chrome and Opera.

Here is what I did for my laptop and Firefox…

How to turn off Java applets

Debbie

Thanks for the instructions.

Firefox, Chrome and Opera were all already turned off. IE had 5 listed with 3 still turned on. They’re off now…

Brian Krebs is usually fairly good at reporting Java, Adobe or Microsoft vulnerabilities (http://krebsonsecurity.com/); he covered this particular exploit quite a while back.

As was mentioned, if you don’t require Java, uninstall it. Yes, disabling the plugins in Firefox works for Firefox (like in Stephen’s article), as would disabling Java 7 (Update 10) via the Java control panel: http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/ One or two specific security sites I visit require Java, though I only enable it when I visit those specific sites and only when needed.

However, a lot of people still have fragments of Java 6 installations on their machines, which should also be thoroughly removed as the standard uninstallers sometimes leave vulnerable crumbs.

Is this potential hacking threat through Javascript old or new?

Department of Homeland Security advises computer users to disable Java because of security bug

Are there things that we website managers and builders should fix? :rolleyes:

Java vulnerabilities aren’t new and usually a few times per year you’ll get major Java zero-day attacks.

Are you confusing Java with JavaScript?

In either case, you can get malicious JavaScript, but that’s a different topic; this thread is discussing CVE-2013-0422 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422) or how to disable Java web browser plugins.

Just to clarify Greg, the problem is in Java, not JavaScript (http://en.wikipedia.org/wiki/JavaScript).
These are two completely separate programming languages.

As a web master there is nothing you need to do.
However, if you have Java installed on your PC/Mac and you don’t absolutely need it, I would uninstall it, at least for the time being.
Felgall’s blog post tells you how.

Edit: xhtmlcoder beat me to it :slight_smile:

Off Topic:

Pullo, good SPF Mentors are lightning-fast… :karate: :wink:

Java disabled: check.
Date: many months ago.

This might sound dumb, but how do you know if you “need” Java on your computer (other than uninstalling it to see)?

What runs on Java?

You’ll most typically see it used in Java Applets on some websites like http://secunia.com/vulnerability_scanning/online/; the browser or website may alert you that you have a missing Java plugin, etc. Normally you don’t require it.

For long and involved reasons, I ended up redoing all of my mobile computers near the end of 2012. I haven’t installed Java on a thing there. Only issues I had were hooking up to Cisco AnyConnect VPNs and a certain active trading system I use. Now have a dedicated VM for said active trading system; I found the AnyConnect client through other means.

So, in most cases, you don’t actually need Java installed . . . .

Java has always been insecure. I don’t know why this is such big news all of a sudden.

Lots of stuff. Various remote presentation apps/services, software such as OpenOffice/LibreOffice, Eclipse, and NetBeans.

I thought Java was “the next coming”?!

If it is so inherently insecure, then why is it so popular?

Also, aren’t there similar flaws with other languages/platforms like .Net?

Debbie