Do you think the US government's warning to disable Java software is really necessary?

According to Homeland Security, terrorists can exploit a flaw to hack your computer. I’m no computer expert so was just wondering if I should do this? Thanks. Here is a link to the article I refer to:

http://news.yahoo.com/us-government-tells-computer-users-disable-java-010200371.html

Chosen Answer:

Hello JonZ,

The Homeland Security alert was directed mainly at businesses, corporations and government.

“hackers are not reliant on Java for these attacks anyway.”
This could not be further from the truth, and it is totally irresponsible to say such a thing.

For many years now, one of the main injection points of malware has been attacking outdated versions of Java. This is not limited to Java; it also includes Adobe, Flash Player, Windows not being kept updated, outdated browsers, add-ons and/or extensions, etc.
Exploit kits sold on the black market (what bot herders/hackers use to spread malware/spam) have the ability to check for unsecured web sites (plenty out there) and, when found, they inject malicious scripts. When an unsuspecting user visits one of these sites, they are redirected to the actual site delivering the malware payload.
Here is where Java and the rest above come into play. The exploit kit also has the ability to check a computer for outdated software, what country you are in, what operating system and what browsers you have.
Let's take the Reveton Ransomware. By knowing what country, it delivers the correct GUI such as FBI, Ukrash, CCI, etc. This holds true for the name-changing Rogue @ XP Antivirus 2013, Vista Antivirus 2013 or Win 7 Antivirus 2013; it knows what operating system.

Homeland Security and the news on TV are only a very few of those that have alerted the public. This alert started with REAL security experts in the security community. For instance:

CTA: Unpatched Java Exploit in the Wild

By Adam Kujawa
January 10, 2013
In Malware Intelligence

URGENT: New Java Exploit being used to infect Updated Users.

ACTION: Disable Java Browser Plugin using:

http://nakedsecurity.sophos.com/2012/08/30/how-turn-off-java-browser/

http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/

How to Disable Java

How to disable Java in Internet Explorer

http://nakedsecurity.sophos.com/how-to-disable-java-internet-explorer/

How to disable Java in Firefox

http://nakedsecurity.sophos.com/how-to-disable-java-firefox/

How to disable Java in Chrome

http://nakedsecurity.sophos.com/how-to-disable-java-chrome/

How to disable Java in Safari

http://nakedsecurity.sophos.com/how-to-disable-java-safari/

How to disable Java in Opera

http://nakedsecurity.sophos.com/how-to-disable-java-opera/

DETAILS:

As of yesterday, a new Java exploit has been developed and released to the cyber-crime community. It is currently in the wild and being used to distribute malware such as the Reveton Ransomware.

No one is safe from this exploit if you have Java enabled in your browser; it is targeting the most recent update, however it will still work on previous versions. The best thing to do is disable Java entirely from running as a plugin on your browser. To do this, follow one of the above links, follow the instructions and restart your browser. If you are using Mozilla Firefox, Java might already be disabled because it seems that some browsers are taking the initiative and just disabling it automatically because of the threat.
READ MORE

http://blog.malwarebytes.org/intelligence/2013/01/cta-unpatched-java-exploit-in-the-wild/#more-540

ABOUT EXPLOITS

http://blog.malwarebytes.org/intelligence/2013/01/web-exploits-bright-future/

Compliments of Dunbar Pappy
What You Need to Know About the Java Exploit

https://krebsonsecurity.com/2013/01/what-you-need-to-know-about-the-java-exploit/#more-18420

by: Wide Glide
on: 14th January 13


4 Responses to “Do you think the US government's warning to disable Java software is really necessary?”

  1. Antoni says:

    A patch will be available “shortly” so it’s really up to you; hackers are not reliant on Java for these attacks anyway. I think it’s one of these things that has been blown out of all proportion, as happens once in a while.

  2. Wide Glide says:


  3. DunbarPappy®ϟϟ says:

    What You Need to Know About the Java Exploit; https://krebsonsecurity.com/2013/01/what-you-need-to-know-about-the-java-exploit/#more-18420
    Make sure to read and understand the final paragraph while there regarding “JavaScript” (not directly associated with “Java”, but a heavily used and common exploit).

    Also note that, although helpful, Yahoo News is sometimes a day behind other more reliable sources for these kinds of “heads-up” alerts, and it behooves Internet users (all OS’s) to constantly refer to them if they want to avoid trouble.
    Some I use are:
    https://www.pcworld.com/news/security
    http://www.theregister.co.uk/security/
    http://internetidentity.com/news
    http://research.zscaler.com/
    There are many others, but the lead ones give news in an e-z to understand digest form.

    Sad to say, using the Internet requires a comprehensive understanding of many realms, especially if you use Windows.

  4. Michael says:

    Oracle states it’s only a problem in the JDK7 and that means to me that most people need not worry.

    Most people are not using a development kit. Those that are already know what to do.
