Browser Exploit Kits Using Built-In Java Feature

tsu doh nimh writes "Security experts from several different organizations are tracking an increase in Windows malware compromises via Java, although not from a vulnerability in Windows itself: the threat comes from a feature of Java that prompts the user to download and run a Java applet. Kaspersky said it saw a huge uptick in PCs compromised by Java exploits in December, but that the biggest change was the use of this Java feature for social engineering. Brian Krebs writes about this trend, and looks at two new exploit packs that are powered mainly by Java flaws, including one pack that advertises this feature as an exploit that works on all Java versions."

Browse without Javascript,

[Compaqt]

Java, or plugins.

Slashdot works fine without Javascript (don't use the newfangled stuff).

Time, NYTimes, many/most other sites are fine without JavaScript.

When you need it, just also use another browser with JavaScript/Java/plugins turned on. I use Chrome for normal browsing, and Chromium when Javascript's needed.