Java is one of the most famous programming languages. A plugin is an add-on that lets you use the power of one piece of software from another. Well, if they share functionality, they might as well share security issues.
This is the first post on Security. If you haven’t heard about a security breach, a botnet, or a website or computer being hacked, it’s time to know.
A website being hacked means data was extracted from it illegally, which could have been possible because of a bad configuration or the software not being up to date.
A computer being hacked means an illegal user (who is not supposed to be there) gained access to your computer and is stealing information. (You don’t want a stranger roaming in the house, eating eggs from your refrigerator and using the money from your wallet.) This usually happens via the browser, a local network, or physical access to the computer.
Configuring a browser
Coming back to configurations. There is a lot to configure in your browser, where you might be reading this post. A browser has plugins and extensions. Java and Flash plugins and Firefox and Chrome extensions are the usual ones a normal user uses. The plugins have the ability to read and write anywhere on your computer. Since the plugins run in the browser, the API they provide to developers contains abstractions. Sometimes, though, the code has bugs. Researchers find bugs and report them so that they can be fixed before a bad guy finds them and uses them.
Don’t use it if you don’t need it.
It’s best to disable a feature if you are not using it (assuming the software respects the configuration correctly). A recent Java bug, for reference.
My personal experience is that I use the internet for at least 10 hours a day and it’s hard to come across sites that use Java applets or Silverlight. Flash is a common one, but one can see the downward trend because of the HTML5 standardisation. Also, it depends on the sites being browsed, since if someone distributes illegal data, it’s possible that they are trying to get more from people who are accessing the sites.
By the way, a botnet is a network of such hacked computers working together to accomplish a task. Think what you can do if you have access to hundreds of machines across the world?