A zero day is an attack that exploiters use to take advantage of vulnerabilities that don't have a solution. In a sense it's an attack that the creators of the Java (in this case) and it's users are unaware of.
The vulnerability that this flaw had imposed "was considered so serious that the U.S. Department of Homeland Security urged computer users to turn off Java on their machines" (Mello). And because of this flaw, it poses a major risk of identity theft and bank fraud along with many other threats it poses.
Also, since the next patch for Java isn't until the 15th of February, that leaves many of those who uses Java still at risk.
Is it really worth the risk despite the many capabilities that Java allows for us to have?
Works Cited
Bram Thursday, and Lucy Oppenheimer. "What Is a Zero Day Attack?" WiseGeek. Conjecture, 22 Oct. 2012. Web. 06 Feb. 2013.
Mello, John P., Jr. "SPOTLIGHT ON SECURITY100 Million Systems Vulnerable to Java Flaw." Technology News: Security: 100 Million Systems Vulnerable to Java Flaw. N.p., 14 Jan. 2013. Web 06 Feb 2013.
"What is Java? A Java Definition." What is Java and What is JavaScript Used For? A Java Definition. N.p., n.d. Web. 06 Feb. 2013.
I'm glad you touched on the Java issue, because I get flack all the time from my IT husband for using Blackboard and enabling Java when Blackboard requires it for the supplemental software packages built into BB.
ReplyDeleteSo are there any other options that people have? That is, can someone use a Java-like application as a substitute that doesn't have the same flaws?