Nearly a billion PCs run this notoriously insecure software. Now Oracle has to clean it up.

RV_ · December 23, 2015

Excerpt:

"Oracle, one of the nation's largest tech companies, is settling federal charges that it misled consumers about the security of its software, which is installed on roughly 850 million computers around the world.

The company won't be paying a fine, and it isn't admitting to any wrongdoing or fault in its settlement with the Federal Trade Commission. But Oracle will be required to tell consumers explicitly if they have outdated, insecure copies of the software — and to help them remove it.

The software, known as Java SE, helps power many of the features consumers expect to see when they browse the Web, from browser-based games to online chatrooms. But security experts say Java is notoriously vulnerable to attack. It has been linked to a staggering array of security flaws that can enable hackers to steal personal information from users, including the login information for people’s financial accounts, the FTC said.

When Oracle bought Java in 2010, it knew that Java was insecure, the FTC alleged in its initial complaint. Internal corporate records seized by the FTC noted that the "Java update mechanism is not aggressive enough or simply not working."

The whole article is here: https://www.washingtonpost.com/news/the-switch/wp/2015/12/21/nearly-a-billion-pcs-run-this-notoriously-insecure-software-now-oracle-has-to-clean-it-up/?wpmm=1&wpisrc=nl_tech

Safe computing.

Ray,IN · December 25, 2015

Derek, is that the reason FireFox disables Java nearly every time it updates? It says it is because it cannot be verified? Then in a few days it begins working again.

RV_ · December 25, 2015

Beats me Ray, I use IE11 not FF since 2004/5. We remove Java from our computers and when it is needed for something important we load it then uninstall it afterwards.