LOS ANGELES — Oracle Corp. said Monday it has released a fix for the flaw in its Java software that raised an alarm from the U.S. Department of Homeland Security last week. Even after the patch was issued, the federal agency continued to recommend that users disable Java in their Web browsers.
"This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered," DHS said Monday in an updated alert published on the website of its Computer Emergency Readiness Team. "To defend against this and future Java vulnerabilities, consider disabling Java in Web browsers until adequate updates are available."
The alert follows on the department's warning late Thursday. Java allows programs to run within websites and powers some advertising networks. Users who disable Java may not be able to see portions of websites that display real-time data such as stock prices, graphical menus, weather updates and ads.
Vulnerability in the latest version, Java 7, was "being actively exploited," the department said.
Java 7 was released in 2011. Oracle said installing its "Update 11" will fix the problem.
Security experts said that special code to take advantage of the weakness is being sold on the black market through so-called "Web exploit packs" to Internet abusers who can use it to steal credit card data, personal information or cause other harm.
The packs, sold for upwards of $1,500 apiece, make complex hacker codes available to relative amateurs. This particular flaw even enables hackers to compromise legitimate websites by taking over ad networks. The result: users are redirected to malicious sites where damaging software can be loaded onto their computers.
The sale of the packs means malware exploiting the security gap is "going to be spread across the Internet very quickly," said Liam O'Murchu, a researcher with Symantec Corp. "If you have the opportunity to turn it off, you should."
Oracle said it released two patches – to address the flaw highlighted by the government, as well as another flaw that the government said was "different but equally severe."
As well, the patches set Java's default security level to "high" so that users will automatically be shown a prompt and given a chance to decline malicious software before it loads onto their computers.
Disabling Java completely in browsers has a similar effect, however. When websites appear without crucial functions, users can click a button to turn Java back on.
Making users aware when Java programs are about to be installed gives users a 50/50 chance of avoiding malware, said Kurt Baumgartner, a senior security researcher with Kaspersky Lab.
Many programmers are avoiding Java altogether, and its use in Web browsers is on the decline, he said.
Kaspersky Lab estimated that last year 50 percent of all website exploitations were due to vulnerabilities in Java. Adobe's Acrobat Reader accounted for another 28 percent of vulnerabilities.
Nexus Q
Google's unique media-streaming orb received a lot of stage time at the Google I/O conference in June. High prices and lack of functionality ultimately doomed the device, however, and Google <a href="http://9to5google.com/2012/10/29/google-quietly-kills-off-the-nexus-q-from-its-nexus-pages-with-miracast-launch-today/">pulled the plug on the project</a> before the thing started shipping. Those who pre-ordered did get their money back, as well as a free Nexus Q -- hang on to those, as they may soon be collector's items. (The Nexus Q <a href="https://play.google.com/store/devices/details/Nexus_Q?id=nexus_q&hl=en">is still listed in the Google Play Store</a>, but it is not for sale, nor have we heard so much as a whisper about it in months). Read more about <a href="http://www.huffingtonpost.com/2012/08/01/nexus-q-delayed-by-google_n_1727614.html">what the Nexus Q was supposed to do here</a>, and <a href="http://www.huffingtonpost.com/2012/06/27/nexus-q-price-release-date-google_n_1631254.html">more on its delay here</a>.
Airtime
At a New York City launch event in June, Jim Carrey, Jimmy Fallon, Joel McHale, Julia Louis-Dreyfus, Alicia Keys and more celebs all <a href="http://www.huffingtonpost.com/2012/06/05/sean-parkers-airtime-launch-olivia-munn-joel-mchale_n_1571336.html">showed up to shill for Airtime</a>, the new video chat startup from Napster founders Sean Parker and Shawn Fanning. Unfortunately, no one showed up for Airtime a month later: We all tried it on the day it was launched (<a href="http://www.huffingtonpost.com/2012/06/06/mark-zuckerberg-airtime_n_1574121.html">even Mark Zuckerburg took a turn!</a>) and then never opened it again. <a href="http://www.youtube.com/watch?v=JTwJetox_tU">At least ChatRoulette had Merton</a>. <a href="http://www.huffingtonpost.com/2012/06/05/sean-parkers-airtime-launch-olivia-munn-joel-mchale_n_1571336.html">Read more about Sean Parker's Airtime here</a>.
Facebook Camera
<a href="http://techcrunch.com/2012/04/09/facebook-to-acquire-instagram-for-1-billion/">About a month after acquiring Instagram</a>, Facebook <a href="http://www.huffingtonpost.com/2012/05/24/facebook-launches-iphone-_0_n_1543188.html">announced the launch of a new app called Facebook Camera</a>, which was, basically, an Instagram clone. This would be followed proudly by other Facebook clones of popular apps, <a href="http://www.huffingtonpost.com/2012/12/23/test-driving-poke-faceboo_n_2356021.html">most recently Facebook Poke</a>, a knockoff of messaging app Snapchat, which delivers self-destructing pics and videos. Facebook Camera offered very little reason for anyone to switch from Instagram, and even less reason to use both, so it (quite naturally) flopped. Not that it mattered to Facebook: If Facebook Camera failed, the social network still owned Instagram. <a href="http://www.huffingtonpost.com/2012/05/24/facebook-launches-iphone-_0_n_1543188.html">Read more about Facebook Camera here</a>.
Facebook Stock
Like Facebook Camera, the Facebook IPO did not get off to a good start. <a href="http://www.huffingtonpost.com/2012/05/24/facebook-ipo-high-frequency-trading_n_1544187.html">NASDAQ's technical software faltered at the big moment</a>, causing an unexpected 30-minute delay when FB became available to the public; and, too, the stock's price plummeted, failing to experience the first-day boom that many initial offerings regularly enjoy. Facebook's IPO was, by most accounts, one of the larger embarrassments -- for NASDAQ, for underwriter Morgan Stanley and for Facebook itself -- of the year. At least people seem to be enjoying Timeline? <a href="http://www.huffingtonpost.com/2012/05/24/facebook-ipo-high-frequency-trading_n_1544187.html">Read more about the Facebook IPO debacle here</a>.
Facebook's Chair Commercial
Not to pick on Facebook here, but the social network's first-ever commercial -- a video that elucidates the myriad ways that Facebook.com is similar to a chair -- was <a href="http://theweek.com/article/index/234373/facebooks-completely-bizarre-first-commercial-about-chairs">met with almost universal puzzlement and mockery</a>. It even inspired an excellent website, <a href="http://arelikefacebook.com/">AreLikeFacebook.com</a>, in which you can input any noun you'd like and compare it to Facebook. Fun for the whole family! (Much like chairs, which are also fun for the whole family). Watch the ad to your left, and <a href="http://www.huffingtonpost.com/2012/10/04/facebooks-new-ad-things-that-connect-us-chairs-universe_n_1939862.html">read more about Facebook w/r/t chairs here</a>.
Apple's 'Genius' Commercials
Speaking of horrible commercials: The company <a href="http://adage.com/article/news/apple-ads-steve-jobs-10-apple-advertisements/229465/">that has become famous for its excellent advertising and marketing</a> produced three clunkers this year, all of them featuring a smarmy young Apple Genius proving his superior intellect over borderline-moronic adults. The <a href="http://appleinsider.com/articles/12/08/22/apple_fully_abandons_disliked_genius_tv_ads">ads were widely panned</a> and <a href="http://www.tuaw.com/2012/08/07/apple-reportedly-to-stop-running-genius-tv-ads/">Apple quickly yanked them</a> from both the airwaves and from YouTube, though traces of their obnoxiousness still exist (as seen in this video). Perhaps Apple should have hired a Genius to write these commercials, instead? <a href="http://www.tuaw.com/2012/08/07/apple-reportedly-to-stop-running-genius-tv-ads/">Read more about Apple's Genius ads here</a>.
Apple Maps
What more is there to say about Apple's new Maps app? A rare instance where Apple endlessly hyped a product only to apologize for its ineptitude, Apple Maps has been mocked so thoroughly -- on Twitter, on late-night shows, <a href="http://TheAmazingiOSMaps.tumblr.com">on a mesmerizing Tumblr</a> and elsewhere -- that it seems redundant to thrash it again here. All you really need to know is that after testing out Apple Maps for a few months, <a href="http://betanews.com/2012/12/18/google-maps-on-ios-hits-10-million-downloads-in-less-than-48-hours/">10 million people chose to download Google's Maps app in just under 48 hours</a> after it was released earlier in December, making it one of the most quickly downloaded app of all time. Of course, it's still fun to look back at the shoddiest highlights from Apple Maps' brief time in the sun. <a href="http://www.huffingtonpost.com/2012/09/20/apple-map-fails-ios-6-maps_n_1901599.html">Click here for our 19 favorite Apple Maps fails</a>.
Microsoft So.cl
As though the Internet <a href="http://plus.google.com">didn't already have enough pointless social networks forced upon users by mega-corporations</a>, here comes Microsoft with its own version: <a href="http://www.so.cl/">It is called So.cl</a>, and after a brief run in private testing, it is now open to everyone who can get an invitation and is so, so easy to hook up to your personal Microsoft account. <a href="http://plus.google.com">Sound a bit like Google+, doesn't it</a>? So.cl, which is pronounced "social" and which "<a href="http://www.so.cl/about">allows you to express and share your ideas through rich post collages comprised of images, links, captions and videos</a>," is not necessarily dead in the water. It is still in its beta stage, and it has not yet been pushed as heavily by Microsoft as, say, Google has pushed Google+. The initial lack of enthusiasm for Yet Another Social Network, and the confusion over what exactly it is you are supposed to do on So.cl, however, do not bode well for its Fu.tr. Sorry, "future." <a href="http://www.huffingtonpost.com/2012/02/28/socl-microsoft-social-network_n_1306315.html">You can read more about So.cl -- and perhaps find out what it is! -- here</a>.
The New Myspace
Based on the creative vision of Justin Timberlake, Myspace <a href="http://www.techmeme.com/120924/p47#a120924p47">unveiled a grand redesign and new media-centric concept this past year</a>, and it just recently opened up the doors to beta users, in a bid to sniff at the relevancy it once enjoyed in the Internet's more halcyon days. The first appraisals were not kind. (Sample headline: "<a href="http://gizmodo.com/5965926/the-new-myspace-review-just-die-already">The New MySpace Review: Just Die Already</a>"). Is there any interest whatsoever in moving our social lives back to Myspace, of all places? <a href="http://www.huffingtonpost.com/2012/09/25/myspace-new-look_n_1913458.html">You can read more about the new Myspace here</a>.
Instagram's Updated Terms Of Service
They probably should have completely filtered this one. When <a href="http://www.huffingtonpost.com/2012/12/17/instagrams-terms-of-service_n_2317402.html">Instagram changed its Terms of Service this December</a>, it was not expecting a Netflix-level uprising by its users, who interpreted the changed language as giving the company approval to sell personal photographs for advertisements. Many threatened to quit, and many did <a href="http://www.huffingtonpost.com/2012/12/18/instagram-alternatives-apps_n_2323079.html">search out alternatives</a>. Perhaps this was the <a href="http://www.theverge.com/2012/12/18/3779728/instagram-policy-backlash-flickr-users">opening that good old Flickr was looking for</a>. (Maybe there is hope for Myspace after all?) <a href="http://techcrunch.com/2012/12/20/instagram-updated-terms-of-service/">Instagram has since reverted part of the controversial ToS back to its original version</a>, but the now-recanted provision will certainly be remembered as one of the worst "app updates" of all time. <a href="http://www.huffingtonpost.com/2012/12/20/instagram-terms-of-service-change_n_2333284.html">You can read more about the Instagram Terms of Service fiasco here</a>.
SOPA
The worst, most poorly received tech release of the year came not from a hardware or software company, but from a United States Congressman: The <a href="http://www.huffingtonpost.com/2012/01/18/sopa-blackout-internet-censorship_n_1211905.html">Stop Online Piracy Act</a>, or SOPA, was introduced by Representative Lamar Smith of Texas in October 2011 as a way to fight the illegal download, upload and sale of copyrighted material on the Internet. It was a noble cause, but alas, the denizens of this here Internet found Rep. Smith's measures overly severe, onerous for website proprietors and a potential violation of the First Amendment. Not a great first release, in other words. Many websites, including Reddit, Wikipedia and Google took action on January 18, <a href="http://www.huffingtonpost.com/2012/01/18/sopa-blackout-internet-censorship_n_1211905.html">either posting advocacy messages on their homepages protesting SOPA, or going dark for a few hours</a>. <a href="http://www.huffingtonpost.com/2012/01/17/wikipedia-blackout_n_1212096.html">Over 7,000 websites participated in the blackout</a>, and <a href="http://arstechnica.com/tech-policy/2012/01/sopa-protest-by-the-numbers-162m-pageviews-7-million-signatures/">Google said it collected 7 million signatures in opposition to the bill</a>. <a href="http://www.huffingtonpost.com/2012/01/14/white-house-sopa-pipa_n_1206347.html">Without support from the President</a>, or virtually anyone in the entire world with an Internet connection, SOPA was indefinitely delayed (much like the Nexus Q, only infinitely more hated). <a href="http://www.huffingtonpost.com/2012/01/18/sopa-showdown-hollywood-silicon-valley_n_1214433.html">You can read more about what's next for SOPA here</a>.
Source : huffingtonpost[dot]com
0 comments:
Post a Comment