Java update is close, but no cigar

Wow, just, wow. As we previously opined, Java has indeed been exploited again, a mere one day after the release of a patch to fix the last 0-day threat.

This threat can be purchased for a mere $5,000 on the internet, a paltry sum considering the amount of money people make on botnets, spamming, extortion, and the rest of the nefarious practices this security flaw could result in.

Trend Micro, a well-known anti-virus vendor, commented today on the flawed patch and referenced their previous post, “How to Use Java – If You Must”, on safe ways to use Java when required, but not all the time.

For the vast majority of users, disabling Java would have minimal impact. For the rest of the users, we agree with Trend’s suggestions:

For users who cannot avoid using Java, there are other ways to mitigate its risks:

1. If you have Java installed because an application needs it, opt to disable Java in your browser(s)
2. Disable Java on a per-browser basis. Pick a “secondary” browser to use for sites that use Java and disable it in your preferred browser

This seems like good advice; however, there is a third option: use an XVU Drive when accessing secure sites and prevent any infection at all from affecting your browsing.