从一条微博看有失水准的科技新闻

Categories: Ugly; Tagged with: ; @ January 14th, 2013 22:10

今天上午, 看到有人转发某派出所的微博:

image

 

派出所发布这样的微博应是出于好意, 告诉大家要小心黑客. 但我的问题是, 是否了解什么叫做”Java”软件?

由于微博中并无新闻链接, 所以在下认为应该了解清楚,  本着一颗学习的心, 咱们先上美国国土安全部的网站:

http://www.dhs.gov/  虽然是政府网站, 但搜索是的确可以用的!  以”java”作为关键字进行搜索:

第一条是来自US-CERT.gov的警告:

image

US-CERT 是 DHS的下属单位, Alert地址: http://www.us-cert.gov/cas/techalerts/TA13-010A.html

请注意, 有关的版本号为: Java 7 (1.7/1.70) 该页下方的解决方案:

Solution

Disable Java in web browsers

This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment.

Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. From Setting the Security Level of the Java Client:

For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab.

If you are unable to update to Java 7 Update 10 please see the solution section of Vulnerability Note VU#636312 for instructions on how to disable Java on a per-browser basis.

所以本人觉得 派出所的微博有点太夸张了.   所以@派出所对这个问题展开讨论, 派出所给出回复, 提及几个网站, 其一位新加坡联合早报:

image

该报到援引 路透社的消息, “当局说,所有主要的作业系统(OS)和浏览器都受到这项攻击的影响,建议卸除个人电脑内所有Java程式”,我们再来看路透社的有关新闻:

image

该文也只是使用”Java Software”简单引述, 并未提及任何版本号码.

 

从路透社开始, 到联合早报, 再到国内大小专业/非专业网站/微博 整理转发, 一个Java 1.7的安全漏洞被上升为”Java软件”.  楼越盖越歪.

我并不担心缺乏信息, 我担心的是被垃圾信息包围.



// Proudly powered by Apache, PHP, MySQL, WordPress, Bootstrap, etc,.