Penn computing system not at risk with Java software
U.S. Dept of Homeland Security issued advisory for security flaws in Java coding
January 14, 2013, 10:32 pm
Although security flaws in Java have surfaced recently, the version identified as vulnerable is not one used with Penn’s core computing systems.
On Jan. 10, the United States Department of Homeland Security issued an advisory recommending that computer users temporarily disable the latest version of the software, Java 7, on their computers. The advisory came after computer security experts discovered security flaws in Java’s code that give hackers an opening to install malicious software on PCs, leading to potential issues such as identity theft.
The vulnerability has the potential to affect a wide range of operating systems, including Windows, Apple OS X and Linux platforms.
The central University enterprise system also utilizes the Java program. However, the system uses a different version, Java 6, which has not been identified as being vulnerable. The problematic Java 7 has not been certified for use on any core campus systems.
Following the Department of Homeland Security’s advisory, the Office of Information Systems and Computing notified the Penn information technology community about the new security concerns the day the advisory was issued. As a preemptive measure, ISC recommended that users disable the vulnerable version of the software until Oracle, the company that developed Java, releases updates to address the flaw. The department also provided web links showing users how to identify the current version of Java and disable the software in their individual browsers.
ISC does not feel that there is a security risk with the University’s system at this time.
“Of course there is nothing that is ‘certain,’ but this is not an obvious high risk for the University,” University Information Security Officer Joshua Beeman said in an email.
College sophomore Christina Atterbury shared a similar view and felt that Penn’s system is safe “as long as they are running the more secure version of Java.”
“I wouldn’t say that I’m concerned,” she said. “I’m not going to stop using Java, but I think this is a good time for everybody to realize that things we take for granted on computers are not as secure as we think they are.”
Java is one of the most popular programming languages in use. As of 2012, it has a reported 10 million users, and some version of Java is incorporated in most web browsers. Due to its popularity, the software has become a prime target for hackers, and was the target of 50 percent of all cyber attacks in the past year.
Three days after the Department of Homeland Security’s recommendation to disable Java, Oracle released a software update to fix the recently discovered flaws in the Java 7 program. However, experts claim that Java still contains security flaws.
ISC has notified Penn IT staff of the software update and will continue paying attention to the situation.
“ISC Information Security will continue to monitor campus networks for signs of compromised systems and notify schools and centers in the event such systems are identified,” Beeman said.