Farelf Posted January 12, 2013

Thanks to member "Retired" at the GRC newsgroup for the following links:

http://krebsonsecurity.com/2013/01/zero-da...s-in-crimeware/

The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year’s Gift,” to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack. According to both crimeware authors, the vulnerability exists in all versions of Java 7, including the latest — Java 7 Update 10. This information could not be immediately verified, but if you have Java installed, it would be a very good idea to unplug Java from your browser, or uninstall this program entirely if you don’t need it. ... ...

(and the risk is promptly verified - see the full article and comment).

The real news, as Krebs goes on to note, is that the latest Java (Java 7 Update 10) has a streamlined security feature built into the Java console to withdraw Java from all installed browsers. The Oracle guide:

http://www.java.com/en/download/help/disable_browser.xml

A Java icon in the XP control panel? Not on mine, there's not - but XP users can just find javacpl.exe (C:\Program Files\Java\jre7\bin) and make a shortcut on the desktop if likely to need to toggle to enable/disable Java (browser needs to be re-started every time toggled).

Worth trying life without Java for a while, I think. Some have long sworn by such self-denial, which suddenly doesn't seem quite so tinfoil-hatterly.