John Paczkowski

Recent Posts by John Paczkowski

Oracle Patches Java Vulnerability

Duct_tape_pipesOracle says it has repaired a security flaw in its Java software that inspired a rare call from the Department of Homeland Security, advising consumers to disable the software entirely.

On Sunday afternoon, Oracle released a patch for the critical vulnerability, which could be exploited to install and execute malicious code on unguarded systems. And not a moment too soon. By the end of last week, security researchers had already spotted malware designed to exploit it in the wild. Some theorized the flaw potentially put more than 850 million PCs at risk.

In a bulletin, Oracle said that the patch not only repairs the vulnerability, but switches Java’s security setting to “high” by default. “The default security level for Java applets and web start applications has been increased from ‘medium’ to ‘high,’” Oracle said in an advisory today. “… With the ‘high’ setting the user is always warned before any unsigned application is run to prevent silent exploitation.”

A thoughtful additional precaution — though one you’d think it would have occurred to Oracle to add earlier on. But are these measures sufficient to protect consumers who use Java? Java security expert Adam Gowdiak isn’t so sure. “We don’t dare to tell users that it’s safe to enable Java again,” Gowdiak told Reuters. H.D. Moore, chief security officer at the security firm Rapid7, took an even dimmer view of the patch and the software itself. “Users should simply disable it,” he told Forbes. “The amount of utility it offers is so much smaller than the risk it creates for users. It’s much safer to leave it off.”


Twitter’s Tanking

December 30, 2013 at 6:49 am PT

2013 Was a Good Year for Chromebooks

December 29, 2013 at 2:12 pm PT

BlackBerry Pulls Latest Twitter for BB10 Update

December 29, 2013 at 5:58 am PT

Apple CEO Tim Cook Made $4.25 Million This Year

December 28, 2013 at 12:05 pm PT

Latest Video

View all videos »

Search »

Just as the atom bomb was the weapon that was supposed to render war obsolete, the Internet seems like capitalism’s ultimate feat of self-destructive genius, an economic doomsday device rendering it impossible for anyone to ever make a profit off anything again. It’s especially hopeless for those whose work is easily digitized and accessed free of charge.

— Author Tim Kreider on not getting paid for one’s work