Cyber Security Tips
NEWSLETTER

AUGUST 2013
Volume 8, Issue 8

Java Exploits - pdf

Newsletter for branding

From the Desk of Thomas D. Smith, Director

What is Java?

Java is a computer language that allows programmers and application developers to write software that can run on many different operating systems. Numerous applications and websites require end-users to have Java installed. Websites incorporate Java applets (small applications) to enhance the usability and functionality of a website. In general, when a user visits one of these websites, depending on their browser's security settings, they may have no idea the Java applet is automatically running.

End-users typically have "Java Runtime Environment" (JRE) installed on their computer. In many instances, this software was pre-installed on their computer. More recently, this practice is becoming less common. If JRE is not installed on your computer, and you visit a website that requires JRE, generally, you will be prompted to install JRE.

What are the Risks with Java?

Java is designed to work on almost any computer. Java has been prone to numerous reports of vulnerabilities. According to the SecureList IT Threat Evolution Report released by Kaspersky Lab in May 2013, "The most widespread vulnerabilities are found in Java and [the vulnerabilities] were detected on 45% of all computers." 1

Attacks are based, at least in part, on older versions of Java. When a newer version of Java is released and installed on a machine, the older version may not automatically be uninstalled. This was intended to provide an easy way to roll back to an older version in case of compatibility issues. Attacks can be used by hackers to leverage and to exploit the vulnerabilities that exist in those versions. This makes Java's weaknesses an attractive target for hackers and cyber criminals.

How Can I Mitigate Java Exploits?

  • Set the Java security level to "High" or "Very High." The most recent versions of Java have the ability to manage when and how untrusted Java applications/applets will run. You can set the security level from within the Java Control Panel so that you are notified before any untrusted Java applications run. Visit: http://www.java.com/en/download/help/jcp_security.xml for instructions on setting the Java security level.
  • Do not allow applications from unknown publishers to run.

 

For More Information:

What is Java?
https://en.wikipedia.org/wiki/Java_(programming_language)

Java Security Resources
http://www.java.com/en/security/

Uninstalling Java on Windows
http://www.java.com/en/download/uninstall.jsp

Uninstalling Java on Mac
https://www.java.com/en/download/help/mac_uninstall_java.xml

Disabling Your Browser's Java Plugin
https://krebsonsecurity.com/how-to-unplug-java-from-the-browser/  

 


For more monthly cyber security newsletter tips, visit:

http://www.dhses.ny.gov/ocs/awareness-training-events/news/

The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment.  While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.

Deborah A. Snyder

Acting Chief Information Security Officer


 

Cyber Security

GIS