Updated: January 28, 2013
Background
Recently, security bulletins have been issued on the internet warning about risks arising from potentially infected websites that exploit a security hole in all web browsers. Infected websites can take advantage of vulnerabilities in the widely used web browser plug-in for the Java platform and pose risks for Internet users.
What is Java?
Java is a development language and framework widely used in websites and applications. Here at UBC, many of our enterprise applications like the Learning Management System and the Student Information System use Java, and require the Java plugin to be enabled in the web browser in order to use the application.
Are UBC's systems safe?
UBC's enterprise applications like the Learning Management System (Connect) and the Student Information System are safe to use, as UBC actively manages and maintains its applications. However, any site can be compromised and malicious content uploaded. Sites that are not enterprise or have an unclear provenance or ownership like blogs, or gaming sites, may not be safe and should be avoided unless Java is disabled in the web browser.
What is UBC doing to protect its systems?
UBC follows best practices when developing its applications, and take security precautions to protect its enterprise systems. Individual users have control and responsibility to ensure that their desktops and laptops are secured. UBC provides free anti-virus to all faculty, staff, and students to help protect their desktops and laptops.
While UBC will apply all available fixes to its Java enabled enterprise systems as they are release by the vendor, it is advised that you disable Java in your default browser. Should you require the use of Java, it is highly recommended that you update your Java as soon as possible. If you require any assistance in updating Java on your computer, please contact the UBC IT Service Centre, either by phone, email, or walk-in at the UBC Bookstore. Please visit our Contact Us webpage for details.
What can I do to protect myself?
The best way protect your desktop or laptop is to disable Java in your default browser and use a separate browser for trusted Java enabled sites. For example, if you need to access the Connect Learning Management System, you will need to use a browser that has the Java plugin enabled. UBC IT recommends a browser with the Java plugin enabled, and another browser set as the default browser, with the Java plugin disabled. It's much harder to disable the plugin successfully for Internet Explorer1 so we don't recommend using this browser as the default browser.
Please visit our Java Advistory How-To Documentation for information on how to disable Java in Internet Explorer, Chrome and Firefox. If you need assistance, please contact the IT Service Centre at 604-822-2008 for assistance. Your local IT support group will also be able to assist you in disabling your Java plugin or answering questions about safe computing practices.
Overall, the best protection is following best practices like keeping your computer patched, with updated applications and anti-virus definitions..
How do I know if my system is compromised?
If you are concerned whether your laptop or desktop is already compromised, you can run a security scan using your antivirus software.
How do I get help?
You can get help from the UBC IT Service Centre, either by phone, email, or walk-in at the UBC Bookstore. Please visit our Contact Us webpage for details.
1 Vulnerability Note VU#625617, at Vulnerability Notes Database (http://www.kb.cert.org/vuls/id/625617)
