UPDATE 1/13/13 9:30 pm: Under pressure from the flood of negative news (I’m guessing), Oracle jumped on this issue. They had said they would fix this issue much later in the year (are you shocked?) but instead fixed it in one day. You’ll have to download Java 7 update 11, but you can do it from here. But, actually, you should decide if you want or even need Java running!
CERT, a group sponsored by the Homeland Security Department’s cyber-security division have just announced this morning that if you’ve recently installed Oracle’s Java 7 plugin (including update 10), your system is at security risk for your identity being stolen…that means hackers’ programs can come into your machine as you browse and steal your contents (including Outlook files). The exploit allows hackers’ programs to give themselves full security privileges.
The only known solution is to disable Java in web browsers (we hope temporarily until Oracle fixes this).
For those of you that don’t know, Java is the program used by web browers to present all those fancy moving graphics, including online games…and MANY sites use this. You should also know that although you are very small fish in a very big pond, please do NOT assume that the hacker is no interested in your site…there are programs sold on the internet that allow programs to scour the internet thousands of times faster than any hacker can, looking for exploitable machines. The hackers who control Nuclear Pack and Blackhole – both competing crimeware products that are created to be woven into hacked sites and use browser flaws to load malware — say they’ve added a brand-new exploit software that invades a previously unknown and currently unpatched security hole in Java.
Rather than explaining how to turn Java off in any particular browser, Oracle has released on their site instructions in the Java applet (in your control panel) how to turn Java off for ALL BROWSERS.
I’ve decided to create a maintenance program for any of my clients that will issue updates on their websites and manage all of those maintenance issues, including version updates, security notices, expiration notices…in short, make sure that their websites are always 100% up-to-snuff. If you are interested in this program for your website (trust me, it will be quite affordable), you can contact me when you’re ready to feel safer. (Or, you can always live dangerously!).