A few days ago, the world became aware of the existence of a new Java exploit. (For the technically minded, it’s CVE-2013-0422, and if you want to, you can read about it here ... http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422&utm_source=dlvr.it&utm_medium=twitter)
New vulnerabilities and exploits appear all the time, but this one is more serious than most because it is reportedly already built into multiple exploit packs, which means it is highly likely to be in widespread use.
However, although it is widespread, there is a simple defense: disable Java until a security patch is available to address this vulnerability. A quick Google or Bing search will show you how to disable Java for your operating system and browser, but here’s a handy link (http://www.pcmag.com/article2/0,2817,2414191,00.asp) that shows how, and here’s a link to test whether Java has been disabled (http://www.java.com/en/download/testjava.jsp).

Some experts are suggesting that you should be cautious about surfing the web and only visit websites that you trust. This is true, but the problem is deciding which websites you should trust. It’s a bit like saying that it’s easy to make money on the stock market ... all you need to do is buy low and sell high.
Unless you are going to restrict yourself to only the very biggest websites, you can’t really tell which ones are safe.
In fact, the 2012 Verizon Data Breach Report highlights that the majority of the 855 data breaches analyzed were perpetrated against smaller firms. Building modern websites is complex, and even small businesses can depend on large numbers of server-side packages. This is probably because they don’t have the staff to update those packages properly and systematically. These guys are now the easiest targets.
It’s a tricky Internet, folks: disable Java, and be careful.