Oracle Says Java is Fixed; Feds Maintain Warning

Some of you may have seen this ATS thread posted on Friday January 11, 2013 by fnpmitchreturns:

US government tells computer users to disable Java

So, now Oracle states it's fixed, yet "they" still maintain that you should get rid of it entirely. A few excerpts from an article posted today on AP.

LOS ANGELES (AP) — Oracle Corp. said Monday it has released a fix for the flaw in its Java software that raised an alarm from the U.S. Department of Homeland Security last week. Even after the patch was issued, the federal agency continued to recommend that users disable Java in their Web browsers.

Java 7 was released in 2011. Oracle said installing its "Update 11" will fix the problem.

The sale of the packs means malware exploiting the security gap is "going to be spread across the Internet very quickly," said Liam O'Murchu, a researcher with Symantec Corp. "If you have the opportunity to turn it off, you should."

Making users aware when Java programs are about to be installed gives users a 50/50 chance of avoiding malware, said Kurt Baumgartner, a senior security researcher with Kaspersky Lab.

Many programmers are avoiding Java altogether, and its use in Web browsers is on the decline, he said.

Kaspersky Lab estimated that last year 50 percent of all website exploitations were due to vulnerabilities in Java. Adobe's Acrobat Reader accounted for another 28 percent of vulnerabilities.

Here is the full AP article

I pulled these excerpts because..well...it just doesn't sit well with me and reeks of something...worse than fish...maybe...3 day old squid would suffice.

There are some big name backers suggesting one all but eliminate Java. And although Adobe accounts for 28% of security vulnerabilities there is no lynch mob to speak of targeting them, interesting that. How many government documents are in pdf format I wonder?

So here it is, "they" want to get rid of Java, for the security vulnerabilities, why? More, why are these high profile internet security companies advocating the Oracle witch hunt and not assisting with fixes on their end?

So it's a matter of security with Java, okay. So what of Microsoft products and the constantly updating security vulnerabilities throughout? Questions questions. All in all, it may very well just boil down to simply too many security vulnerabilities, but my BS meter is spiking in regards to this whole thing.

reply to post by UberL33t
Maybe the Feds have their own program that they want to replace Java with. All the better to invade your privacy even more if you are forced to use their software. I would rather brave criminal hackers than use software that the government is pushing.

reply to post by UberL33t


To be honest with you, I don't think there is any conspiracey in this one...

Forbes Article

Feeling secure — and just a little smug — that you’ve updated your Java installation to plug up that nasty vulnerability discovered last week? Well, I’ve got some bad news for you. A Polish security researcher has discovered yet another vulnerability in Java 7.

Please note the date, and this is a different Forbes article to the one I quoted yesterday in this thread...

ATS Thread.

Link to Forbes Article from thread



As I said in the other thread, this problem has been around for awhile, and has been foating around in various blogs, and articles for a fair old old time.

There seems to be various vulnerabilities with Java, that they just don't seem to be able to iron out, they patch it, and then another problem arises.

Personally you have to question the wisdom of the DHS for only getting on board now, how long have they beeen leaving themselves open to compromise?

I can see the logic in heeding their warning, Java is potentially broken!

reply to post by solargeddon

Personally you have to question the wisdom of the DHS for only getting on board now, how long have they beeen leaving themselves open to compromise?

Perhaps there is no conspiracy but in going with your thought process, and again, I raise the question of the numerous and constantly patched security vulnerabilities in all of the MS products or Adobe. Why hone in on Oracle all of a sudden for having security vulnerabilities so ferociously (imo)?

Seems like a lot of attention is being placed on this to be something that is/was seemingly already a known issue (according to your sources) with Java.

reply to post by UberL33t


My thinking was purely because Oracle are failing to keep on top of the problem, whereas perhaps the others Adobe etc...actually implement patches that work?

Well that was my take on it.

Interesting premise I encountered back in Dec, was a person I met who says anti-virus companies actually make a fair amount of viruses, and circulate them in order to keep themselves in business, how true it is I don't know, but it wasn't the first time I have had it said to me.

Wonder if anyone can confirm or deny?

reply to post by UberL33t

Seems like a lot of attention is being placed on this to be something that is/was seemingly already a known issue (according to your sources) with Java.

It definately was a known isssue, I removed Java back in early December when I was researching how to fix my trojan riddled computer.

How long the DHS have known is another question, I can't believe they haven't known about it for a fair amount of time, perhaps it suited them for the Java issues to remain under the radar for a period of time, maybe they were the ones that hacked it, and now are coming clean, as it no longer serves a purpose anymore, as other hackers have jumped on, and began exploiting it.

Or maybe its time to get my tin foil hat dry cleaned!