Java allows 'open hunting season' for hackers, experts find

Is Java a serious enough concern for you to disable it altogether?
Written by Charlie Osborne, Contributing Writer

Security professionals urge disabling Java on your PC, saying that the computer language has created an "open hunting season on consumers" for hackers.

Talking to Reuters, Jaime Blasco, Labs Manager with security firm AlienVault Labs, recommended that consumers begin to disable Oracle's Java software after the recent discovery of yet another security flaw which allows hackers to exploit computers. Blasco said:

"Java is a mess. It's not secure. You have to disable it."

The computer language is installed on over 850 million PCs around the world. First released by Sun Microsystems in 1995, the computing platform is a backbone technology which allows consumers using Microsoft's Windows PCs or Apple's Macs to run a number of processes including online games and Internet browsing. Java runs through plugins and modules on Internet browsers including Internet Explorer and Firefox.

However, it is not just Blasco who has concerns over the software's security. HD Moore, chief security officer of Rapid7, a firm which assists businesses in identifying vulnerable elements in their infrastructure, believes that Java has made a number of devices, including anything running on Mac OS X, Linux or Windows, vulnerable to attack.

Moore compared Oracle's Java to "open hunting season on consumers," who are being targeted more often by a host of cyberattacks, including malware and phishing scams. A number of toolkits, freely released on the web, are also of concern -- as many include software which can be used to exploit such security flaws. Therefore, if you have not already done so, you are advised to disable any modules in your browser which relate to the software.

Recently, another zero-day vulnerability was discovered in Java 7 Update 10, which is simply the latest security flaw to be exposed within the computer language. The exploit, verified by AlienVault Labs, is currently in the wild and continues to be exploited.

We have reached out to Oracle and will update if we hear back.
