[citation][nom]Marcus52[/nom]Did you read the article?"Crisis is distributed via social engineering and tricks a user into running a Java applet Flash installer."Java is a security risk, and Flash is even worse. It's not a matter of "hating Java", it's a matter of caring about security when you connect to the internet.[/citation]
Now, don't put java and flash in the same bracket.
Many people seems to confuse java with javascript, which are two completely separate things.
For example, when it is said that the chrome browser is really fast for java, it is really implicated to mean that it is fast for javascript, not Java the language.
Most security risks come from javascript, the java language isn't nearly as common as javascript on the web.
And the so often nagging "update java" from oracle that have you update java manually has nothing to do with the javascript that many people really think is java.
And in this exploit there is a third thing, java-applet, which is based on java the language, not javascript.
Somebody else talked about using "noscript" to block java. I don't use noscript, but isn't that blocking javascript and not java? Or is it blocking both?