Java and Flash increasingly becoming gateway for hackers
| Tobias Hanraths |
Berlin (dpa) – Ubiquitous but insecure: Utilities such as Java and Flash are installed on many computers and are increasingly becoming a gateway for hackers.
Flash developer Adobe in recent weeks has published two updates, while Oracle has had to plug several holes in Java since the beginning of the year.
“Such programs are attacked so often because they’re installed on every computer,” says Ben Hermann of the European Centre for Security and Privacy by Design at the Technical University of Darmstadt in Germany.
Today the hackers have a clear favourite, the security expert says: “Flash has become almost uninteresting because it’s used much less than before and also is more secure.” For that reason Java is attacked most often.
The method is always the same: On a manipulated website, criminals place an item that starts the browser’s Java plug-in. The item is usually only a pixel in size and invisible to the naked eye.
Subsequently the hacker can gain access to the victim’s computer by exploiting a security hole in Java.
The goal isn’t always simple theft. “Most of the attacks are so-called broadband attacks,” says Hermann. “The goal is to bring as many computers under control as possible.”
The so-called zombie computers can then be used to collectively attack a firm or institution or to send out spam e-mails.
The simplest protection against attacks via Flash or Java is to immediately install updates as they become available. Both programs can be set up to automatically search for patches on a regular basis.
It’s also possible to disable Java, either partially or completely.
“You can switch off the browser plug-in individually,” says Hermann. There’s no need to fear too many restrictions by so doing, even though many websites use Java, for example for seat booking at concerts or the cinema.
In such cases the plug-in can easily be switched on again. In any case, programs that require Java should still function even with the plug-in disabled.