Zero Day Java 7 Vulnerability

Please use caution when web browsing

Posted: 01/14/2013

Users who have Java  enabled in their browsers are vulnerable to a threat referred to as "Zero  Day Java 7 Vulnerability." Browsing the web with a vulnerable version  of Java installed and enabled means that simply visiting a website is  enough for an attacker to compromise your computer. This is known as a  "drive-by download."  Tulane Information Security is aware  of this exposure and is monitoring activity related to this issue. We are  blocking traffic from known sites that represent a threat.

RECOMMENDATIONS
While disabling Java is  one method of blocking this threat, the use of Java is essential to use of   Banner and other Tulane enterprise systems so it is not a practical  solution. We recommend that the Tulane computing community be as vigilant  as possible about visiting unfamiliar websites and consider the following:

1. Regularly check for,  update, and remove old versions of Java unless used for Tulane applications  including Banner and TAMS.  If unsure, please contact security for  clarification.
2. Don't click on web popups, but close the window  instead. If popups won't close, open your process list and force your  browser to close.

Information Security  will provide continued updates about his issue.

Please follow Information  Security at https://twitter.com/tulaneInfoSec.

If you have questions or require further detail about this issue, please email  us at security@tulane.edu.