Tuesday, January 15, 2013

If it's Tuesday, it must be time for security patches

Oracle came out with a patch to the Java exploit, but people are saying that it's not nearly enough:
Security experts advise users to not run Java in their web browsers despite a patch from Oracle that mitigates a widely exploited security vulnerability.

The database giant issued an emergency out-of-band patch on Sunday, but despite this the US Department of Homeland Security continues to warn citizens to disable Java plugins.

"Unless it is absolutely necessary to run Java in web browsers, disable it even after updating to [Java 7 update 11]," the US-CERT team said in an update yesterday.
I restarted Firefox and found that it automatically disabled the Java plug in.  Nice, that.  Looked at Chrome and can't for the life of me see where the security configuration settings are.  Not so nice, that.  I guess I'll have to Google it.

And Microsoft has also come out with an emergency, out-of-cycle patch for Internet Explorer.  If you use Internet Explorer, cruise on over there for some chocolaty security goodness.  Yum!


MonteG said...

Looks like Java can be disabled in Chrome by going to chrome://plugins/

MonteG said...

Or... maybe not. I see it on my desktop but not on my laptop.

Dave H said...

MonteG: Are you sure Java is installed on your laptop? I just tried to disable it on my computer here and it seems I haven't installed Java in the first place. But all the usual Web haunts work fine.

Another way to get to the Plugins setting in Chrome is to click the Customize and Control button (3 horizontal lines at the right end of the address bar), click Settings, scroll to the bottom and click the "Show advanced settings" link, scroll down to the Privacy heading and click Content Settings, scroll down to Plug-ins and click the link that says "Disable individual plug-ins..."

But just typing Chrome://plugins is easier.

Anonymous said...

I've had Java disabled for quite some time on both Safari and Firefox on my Mac. And I haven't missed it.