Computer Software Alert:
Millions of computer users were advised11 JAN to temporarily disableOracle’s Java software because of security weaknesses that make their machines vulnerable to everything fromvirus-infected websites to “ransomware,” which often locks users out of their computers until they pay theperpetrators. Oracle said it will issue a patch 15 JAN that contains “86 new security vulnerability fixes.” It addedthat “due to the threat posed by a successful attack, Oracle strongly recommends” that customers update Java ontheir computers with the patch as soon as possible.In a warning 10 JAN the Department of Homeland Security advised people to disable Java in Web browsers,presumably until Oracle is able to correct the problem. But some security bloggers have warned that disabling Javacan be complicated. Java makes it easy for software programs to run on most computers and websites, and it iswidely used throughout the world.Apple disabled newer versions of Java from its personal computers Thursday night, but will let its customers usethe software again if they upload Oracle’s fixes, according to a knowledgeable source. In addition, Mountain View,Calif.-based Mozilla said in a blog post that it has begun blocking Java on its Firefox browser unless someone clickson a feature to activate the software. The click-to-play feature “allows users to enable the Java plugin on a per-sitebasis if they absolutely need the Java plugin for the site,” the blog said. The Department of Homeland Security notedthat “reports indicate this vulnerability is being actively exploited” by cybercrooks, who could use the flaw to lurecomputer users to virus-infected websites. Some crooks already are selling “exploit kits” to other crooks to takeadvantage of Java’s problems, said Liam Murchu, a researcher with Mountain View security firm Symantec. He saidone common scam that could be exploited with the Java flaw is to shut down a user’s computer with a ransomwarevirus and then demand money to unlock the machine. Another, he said, is to send a user an official-looking messagesaying their computer is infected and then dupe them into paying for a phony anti-virus product that doesn’t work.Murchu said Symantec has determined that its Norton anti-virus software can block current versions of malwaredesigned to take advantage of the Java vulnerabilities. So if a person has Norton installed on their computer, he said,“theoretically they shouldn’t need to disable Java.” However, he said, crooks may issue new types of malware thatmight temporarily evade Symantec’s software. “So if you really wanted to be safe,” he suggests disabling Java untilit can be updated with Oracle’s patch. Murchu added that shutting off Java shouldn’t cause huge problems for mostpeople, unless they need to access a website that requires the Oracle software, such as some payroll-related sites. Inthose instances, the user may need to turn on Java just long enough to access that site and then turn it off until thepatch can be issued. “Unfortunately, turning it on and off for most people is cumbersome,” Murchu said. And whileit may be unlikely a computer would be infected during the brief time it’s running Java, he added, “you basicallynever know when you’re going to be hit.” Information on how to disable Java can be found athttp://www.java.com/en/download/help/disable_browser.xml.[Source: San Jose Mercury News | Steve Johnson |12 Jan 2013 ++]*********************************
Save Our Benefit Update 02:
The Military Resale and MWR Center for Research,
established bythe American Logistics Association, released a major economic review of the military resale system documentingthese benefits for the military community and the nation. Pat Nixon, President of the American LogisticsAssociation which released the report,
Costs and Benefits of the Department of Defense Resale System,
said, “theresale system demonstrates a remarkably high return for resources invested in this program, producing jobs, fundingfor vital military community programs, and promoting American industry.” According to Nixon, “The systemblends the best of the private sector and government coming together to fulfill that reciprocal commitment to ourmen and women in uniform who have given so much.” The Department of Defense (DoD) operates hundreds of exchange and commissary outlets at installations around the globe producing $18 billion a year in revenue,providing a wide range of products and services at prices 24 to 50 percent below prices at commercialestablishments.