posted on Jan, 13 2013 @ 05:48 PM
This is actually legit...but I doubt many of you will listen to me.
I work in Cyber security, specifically Information Assurance (of which scanning and patching vulnerabilities is a primary responsibility). The alert
was issued from CERT (a recognized leader in security).
Please, listen to the DHS on this. I don't trust them either, but they are only repeating what CERT put out to stave off potential damage.
The way the exploit works is that a hacker sets up a "rogue" web server with a webpage and Java applet that loads the exploit. Then, they can use
techniques such as Cross Site Scripting and other ways to get users to go to the rogue web server they set up. Once your browser loads their custom Java
applet (which is the exploit), it will exploit your machine, giving the hacker complete access to your machine. At which point the hacker can look
through all of your files, put your computer on a botnet, or use it as a relay for illegal material such as child porn, etc.
I work for the Department of the Navy (as a civilian) and we worked overtime this weekend to do what we can to mitigate this vulnerability until a
patch comes out. This is a big deal. Take it seriously. Disable Java.