The Java Menace, Cont.

By James Fallows

java_medium.jpgAs I mentioned two days ago, tech people I take seriously are themselves taking seriously the threat of computers being hacked through a vulnerability in Java code. For the record, some updated info:

  • The Department of Homeland Security -- and, yes, it's interesting that they are on this beat -- has issued an update on the problem and possible solutions. It points out that Oracle has released Java 7 Update 11 which according to Oracle addresses the currently known vulnerabilities.

  • But the DHS goes on to make a case for a better-safe-than-sorry approach: 

    "This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available."

  • Woody Leonhard of InfoWorld has a very useful step-by-step guide to dealing with this Java warning.

  • Several people have written to remind me to point out that Java, a programming language that is the source of the current concern, is not the same as the scripting language called JavaScript. JavaScript does not expose your computer to any of the vulnerabilities Java now creates, and you don't have to remove, disable, or worry about any reference to JavaScript  in your system.

This article available online at:

http://www.theatlantic.com/technology/archive/2013/01/the-java-menace-cont/267261/