
By Jim Finkle

Jan 10 (Reuters) – Computer users are being advised by security experts to disable Oracle Corp’s widely used Java software after a security flaw was discovered in the past day that they say hackers are exploiting to attack computers.

“Java is a mess. It’s not secure,” said Jaime Blasco, Labs Manager with AlienVault Labs. “You have to disable it.”

Java, which is installed on hundreds of millions of PCs around the globe, is a computer language that enables programmers to write software using just one set of code that will run on virtually any type of computer.

It is used so that Web developers can make sites accessible from browsers running on Microsoft Corp Windows PCs or Macs from Apple Inc.

Computer users access those programs through modules, or plug-ins, that run Java software on top of browsers such as Internet Explorer and Firefox.

Three computer security experts told Reuters on Thursday that computer users should disable those Java modules to protect themselves from attack.

A spokeswoman for Oracle said she could not immediately comment on the matter.

“This is like open hunting season on consumers,” said HD Moore, chief security officer with Rapid7, a company that helps businesses identify critical security vulnerabilities in their networks.

Moore said machines running on Mac OS X, Linux or Windows all appear to be vulnerable to attack.

Marc Maiffret, chief technology officer with BeyondTrust, said that businesses may need to keep using Java to access some websites and Internet-based programs that run on the technology.

“The challenge is mainly for businesses, however, which have to use it for some applications,” he said. “Oracle simply needs to do a lot more to secure Java and get their act together.”

Security experts said the risk of attack is currently high because developers of several popular tools known as exploit kits that criminals use to attack PCs have added software that allows hackers to exploit the newly discovered bug in Java to attack computers.