As many of you have already read, a new 0-day attack has been released for Java. This one is nasty, as not only does the exploit work on the latest versions of Java but we are already seeing the exploit hit the streets in several crimware packs. For more details check out the great write-up by Brian Krebs. Ultimately, the best defense against Java attacks is to not have Java installed. Most computers do not need Java. The challenge is getting the word out to people so they know and understand this.
It just so happens that the OUCH! security awareness newsletter published today is on this exact topic. It explains what Java is, the dangers of using Java, how to disable or remove it, and finally if you must have it how to help keep Java more secure. As we know and recognize security is a global challenge, OUCH! is published in 17 different languages. You are encouraged to download, distribute and share OUCH!. As always, you can download this and other editions of OUCH! at the OUCH! website.