Monthly Archives: April 2014

Critical Java Update

If you are running Java (more on that in a moment), you must install the latest update:

Oracle informs us that at least four of the 37 security holes plugged in this release earned a Common Vulnerability Scoring System (CVSS) rating of 10.0 — the most severe possible. Vulnerabilities with a 10.0 CVSS score are those which can be easily exploited remotely and without authentication, and which result in the complete compromise of the host operating system.

But before you update your Java installation, first ask yourself if you really need Java. The safest way to use Java is to uninstall it altogether. It’s a security nightmare. So, why do you need Java? There are some programs that require Java. LibreOffice, for example, requires Java. Online chat, some games… the question is, can you live without it? We recommend that you uninstall Java from your computer and see what difference it makes. If something stops working, find an alternative program.

To uninstall Java, go to your control panel and select Add/Remove Programs. Find ALL occurrences of Java (Java didn’t uninstall previous versions until recently and those early Java installations are very dangerous) and uninstall them. If you are running a Mac, your Java has already been disabled or was not installed – unless you are on OSX version 10.6 or earlier, in which case removing Java can actually damage your system. Consult your Apple Expert for assistance.

But if you decide that you must have Java, get your Java update now and install it… if you are running Java. Once you have installed the most recent update, you will want to disable Java in your browser(s). To do this, first close any browsers that are open. Go to Start>>Computer and type “Javacpl.exe” in your search bar. If you find it, double-click on it to run it. Some computers, however, will not find it this way. Instead you’ll need to find it manually. Go to Start>>Computer>>Local Disk (C:). If you have a 64-bit computer, go to Program Files (x86)>>Java>>jre7>>bin. On 32-bit computers, you’ll find it in Program Files>>Java>>jre7>>bin.

Double-click Javacpl.exe and find the Security tab. Uncheck the box that says “Enable Java content in the browser.” Now your browsers will not use Java, which will render you much safer in the dangerous universe we call the internet.
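
To check for leftover Java versions and locate Javacpl.exe without browsing folders by hand, the following PowerShell script is an added example, not part of the original post. It assumes Java was installed with the standard Windows installer (so it appears in the registry's uninstall entries), and it only reads information; nothing is uninstalled or changed.

```powershell
# Added example: inventory every installed Java version and find the
# Java Control Panel (javacpl.exe). Read-only.

# Add/Remove Programs entries live in two registry views on 64-bit Windows:
# the native view and the 32-bit (WOW6432Node) view.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Older runtimes were named "J2SE Runtime Environment", newer ones "Java ...".
$javaInstalls = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|J2SE)' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation |
    Sort-Object DisplayVersion

if ($javaInstalls) {
    Write-Output 'Java entries found in Add/Remove Programs:'
    $javaInstalls | Format-Table -AutoSize | Out-String | Write-Output
    if (@($javaInstalls).Count -gt 1) {
        Write-Warning 'More than one Java entry is installed; remove the older versions.'
    }
} else {
    Write-Output 'No Java entries found in Add/Remove Programs.'
}

# Search both Program Files folders, and any jre folder name (jre6, jre7, ...),
# for the control panel executable. The (x86) variable is empty on 32-bit Windows.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$panels = foreach ($root in $roots) {
    Get-ChildItem -Path (Join-Path $root 'Java\*\bin\javacpl.exe') -ErrorAction SilentlyContinue
}

if ($panels) {
    $panels | ForEach-Object { Write-Output "Java Control Panel: $($_.FullName)" }
} else {
    Write-Output 'javacpl.exe was not found under Program Files.'
}
```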

Heartbleed – What to do and what not to do

What is it?

Heartbleed is the name that has been given to an extremely dangerous vulnerability in OpenSSL. OpenSSL is a protocol used on about two-thirds of the world’s websites including the FBI’s site, probably your bank’s website and your internet service provider’s servers. There has been a vulnerability in this protocol for the last two years that allows hackers to access information being transferred to and from compromised websites and your computer. OpenSSL is also used in many routers – the devices that transfer data all over the internet. You probably have a router sitting on your desktop – it’s your connection to the internet.

What to do

Avoid secure internet transactions. Go to your brick-and-mortar bank location to do your banking. Do your shopping in person, not online. When your bank or other institutions notify you to change your password, change your password. If your internet service provider notifies you that you need to do something with your router, do it immediately. However, they will most likely be able to update your router without your involvement.

Last week the world was notified of this vulnerability. This means that all the hackers that were not aware of this vulnerability are now aware of it. You can be sure that they are now attempting to exploit this vulnerability. This is the absolute most dangerous time to engage in online commerce until this vulnerability has been removed. You can, however, test websites for this vulnerability at http://filippo.io/Heartbleed/. Be aware, however, that this is not an absolute guarantee of safety. If your router or other routers in the circuit are compromised, your data could still be at risk.

Because your data has been exposed for the last two years, you should contact Kathleen Hjort immediately or visit her website at www.kathleen76.legalshieldassociate.com and get identity theft protection. Legal Shield’s identity protection is the only service that will restore your identity for you in addition to providing alerts.

What not to do

DO NOT change your passwords online until you have been notified to change your password by the company or you have determined that the site is secure. This vulnerability does not give hackers access to data stored on servers – only data being transferred between your computer and the website. Hackers probably do not have your username and password now; if you go online and change it before the website has been updated, the hackers will be able to capture your username and password.