Wednesday, March 28, 2012

Java exploit in-the-wild

Here's some good advice from Brian Krebs:

New Java Attack Rolled into Exploit Packs — Krebs on Security
If your computer is running Java and you have not updated to the latest version, you may be asking for trouble: A powerful exploit that takes advantage of a newly-disclosed security hole in Java has been rolled into automated exploit kits and is rapidly increasing the success rates of these tools in attacking vulnerable Internet users.

If you do not need Java, junk it; you can always re-install it later
if you need to. If you need Java for a specific Web site, I would
suggest a two-browser approach. If you normally browse the Web with Firefox,
for example, consider disabling the Java plugin in Firefox (from the
Add-ons menu, click Plugins and then disable anything Java related, and
restart the browser), and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site that requires it.

No comments: