Hackers have already rushed to exploit a huge vulnerability in Oracle’s Java software. Over the long weekend, a number of security groups, including Rapid7, AlienVault and other cyber security companies, announced that the vulnerability in question is so bad that security experts are currently urging everyone to disable Java on their personal computers until it is fixed, if they don’t want to suffer an unauthorized intrusion into their systems.
For example, Jaime Blasco, a research manager at AlienVault Labs, announced that his security team had identified code that attacks computers by exploiting a recently discovered vulnerability in the latest version of Oracle’s Java. The hackers can then use a tool known as “Poison Ivy”, which allows the intruders to gain control of the infected machine.
As you can see, the risk is too high to let it go unnoticed, and at the moment the security experts point out that the only solution to the problem is to immediately disable Java software on your machine. This is no mean feat: Oracle’s Java runs on 97% of enterprise computers.
The experts explain that the best attack vector for the hackers is to lure an Internet user to a site that they have already compromised. That’s why it is much safer to allow the use of Java browser plug-ins only on a case-by-case basis. This is done by manually allowing the plug-in to run when a trusted program prompts for permission.
While Oracle isn’t commenting on the situation at the moment, a number of security firms, including Rapid7, have set up web pages designed to warn users whether their browser has a Java plug-in installed that is vulnerable to attack.