I came across this tidbit reading the news today. Sounds pretty scary, so I will rattle your cyber cages with it.
Pretty much every web browser in common use allows websites you visit to run programs written in Java. Most of these programs provide dynamic content and such, but some are malicious. Java contains a vulnerability called Zero Day that is apparently bad enough that Homeland Security recommends you disable Java in your web browser:
Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.
SolutionWe are currently unaware of a practical solution to this problem. Please consider the following workarounds:
Disable Java in web browsers
Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. Please see the Java documentation for more details.
Note: Due to what appears to potentially be a bug in the Java installer, the Java Control Panel applet may be missing on some Windows systems. In such cases, the Java Control Panel applet may be launched by finding and executing javacpl.exe manually. This file is likely to be found in C:Program FilesJavajre7bin or C:Program Files (x86)Javajre7bin.
Also note that we have encountered situations where Java will crash if it has been disabled in the web browser as described above and then subsequently re-enabled. Reinstalling Java appears to correct this situation.
I found this info through a ZDNet article.
If you’re using Firefox on windows, you can go to the Tools->Add-Ons menu. I’ve disabled Java in the Extensions and Plug-Ins. If you use IE, you’ll have to go to the control panel and disable it through the Java console there.
If somebody finds out that my follicles are aflame, I will delete this post and get back to laughing.
I’m gonna call out to JanF and Chris Blask, both of whom know more about this stuff than do I.