PSA! DHS warns of vulnerability in UPnP!

[Harvey]

Over the last few weeks, DHS issued warnings to uninstall or at least disable Java due to major vulnerabilities. Now, even if you were wise enough to do that, just when you thought it was safe to go back in the cyber-water... it isn't! :hmm:

1. NEW ALERT!

Homeland Security: Disable UPnP, as tens of millions at risk

By Zack Whittaker for Zero Day | January 29, 2013 -- 21:03 GMT

Summary: The U.S. government is warning to disable a common networking feature after bugs have left tens of millions of hardware devices vulnerable to attacks by hackers and malware.

The U.S. Department of Homeland Security is next in line to warn of a serious threat to networking devices, such as scanners and printers, computers and routers.
.
.
(continues)

Further info from another article on ZD Net.

2. Oracle released Java ver. 7.11. All it does is raise the default secuirty level to highest. That causes the system to prompt you to approve downloading a file, but it does NOT fix the vunerability. If you don't need Java, the safest action is to uninstall it from your machine until Oracle gets its sh8 together.

 

[Ken g6]

I don't usually link to GRC, but this might be useful for the UPnP issue, at least for computers not behind a firewall:

http://www.grc.com/unpnp/unpnp.htm