BLIND-HAMS Archives

For blind ham radio operators

BLIND-HAMS@LISTSERV.ICORS.ORG

Subject:
From: "John J. Boyer" <[log in to unmask]>
Reply To: For blind ham radio operators <[log in to unmask]>
Date: Mon, 14 Jan 2013 08:23:26 -0600
Very good article. Note that only browsers are involved and only if they
use Java 7. Other programs, especially those using Java 6, are not
affected. That is the case with BrailleBlaster
http://www.brailleblaster.org .
John

On Mon, Jan 14, 2013 at 08:48:30AM -0500, Bob, K8LR wrote:
> Hi,
> 
> Here is more info on the Java security problems.  This just appeared on the
> Chicago Tribune web site.  I don't think that the government is trying to
> scare us on this one.  I've known two people whose identity was stolen and
> it's not fun at all!
> 
> Bob, K8LR, [log in to unmask]
> Reuters
> 6:48 a.m. CST, January 14, 2013
> Oracle Corp. released an emergency update to its Java software for surfing the Web on Sunday, but security experts said the update fails to protect PCs from attack by hackers intent on committing cyber crimes.
> The software maker released the update just days after the U.S. Department of Homeland Security urged PC users to disable the program because of bugs in the software that were being exploited to commit identity theft and other crimes.
> Oracle's failure to quickly secure the software means that PCs running Java in their browsers remain vulnerable to attack by criminals seeking to steal credit-card numbers, banking credentials, passwords and commit other types of computer crimes.
> Adam Gowdiak, a researcher with Poland's Security Explorations who has discovered several bugs in the software over the past year, said that the update from Oracle leaves unfixed several critical security flaws.
> "We don't dare to tell users that it's safe to enable Java again," said Gowdiak.
> Some security consultants are advising businesses to remove Java from the browsers of all employees except for those who absolutely need to use the technology for critical business purposes.
> HD Moore, chief security officer with Rapid7, a company that helps businesses identify critical security vulnerabilities in their networks, said it could take two years for Oracle to fix all the security bugs that have currently been identified in the version of Java that is used for surfing the Web.
> "The safest thing to do at this point is just assume that Java is always going to be vulnerable. Folks don't really need Java on their desktop," Moore said.
> An Oracle spokeswoman declined to comment.
> ORACLE'S UPDATE
> Oracle said on its security blog on Sunday that its update fixed two vulnerabilities in the version of Java 7 for Web browsers.
> It said that it also switched Java's security settings to "high" by default, making it more difficult for suspicious programs to run on a personal computer without the knowledge of the user.
> Java is a computer language that enables programmers to write software utilizing just one set of code that will run on virtually any type of computer, including ones that use Microsoft Corp's Windows, Apple Inc's OS X and Linux, an operating system widely employed by corporations.
> One version is installed in Internet browsers to access web content. Separate versions are installed directly on PCs, server computers and other devices including phones, webcams, and Blu-ray players.
> The Department of Homeland Security and computer security experts said on Thursday that hackers figured out how to exploit the bug in a version of Java used with Internet browsers to install malicious software on PCs. That has enabled them to commit crimes from identity theft to making infected computers part of an ad-hoc network that is used to attack websites.
> Oracle said that the flaws only affect Java 7, the program's most-recent version, and versions of Java software designed to run on browsers.
> Java is so widely used that the software has become a prime target for hackers. Last year, Java surpassed Adobe Systems Inc's Reader software as the most frequently attacked piece of software, according to security software maker Kaspersky Lab.
> Java was responsible for 50 percent of all cyberattacks last year in which hackers broke into computers by exploiting software bugs, according to Kaspersky. That was followed by Adobe Reader, which was involved in 28 percent of all incidents. Microsoft Windows and Internet Explorer were involved in about 3 percent of incidents, according to the survey.
> The Department of Homeland Security said attackers could trick targets into visiting malicious websites that would infect their PCs with software capable of exploiting the bug in Java.
> It said an attacker could also infect a legitimate website by uploading malicious software that would infect machines of computer users who trust that site because they have previously visited it without experiencing any problems.
> Security experts have been scrutinizing the safety of Java since a similar security scare in August, which prompted some of them to advise using the software only on an as-needed basis.
> Meanwhile, Microsoft said on Sunday that it would release an update on Monday to fix a previously disclosed flaw in Internet Explorer versions 6, 7 and 8 that made PCs vulnerable to attacks in which hackers can gain remote control of the machines.
> Microsoft previously released a temporary fix to prevent such attacks.
> Copyright © 2013, Reuters
> 
> Bob, K8LR, [log in to unmask]

-- 
John J. Boyer; President, Chief Software Developer
Abilitiessoft, Inc.
http://www.abilitiessoft.com
Madison, Wisconsin USA
Developing software for people with disabilities
