>>>Actually, at this moment there is a much more serious unpatched vulnerability in Java: http://mashable.com/2013/01/13/java-exploit/ . The same principle applies, disable or uninstall Java until it's fixed, or avoid untrusted sites that may use it.
>>>
>>One of the nice things in germany is that nowadays you must use a java based program to file anything with the IRS.
>>Not only this give a nice opportunity to install any gov tracer it wants, it leaves the computers open to any java vulnerabilities,
>>unless you opt to install/deinstall monthly. Now where was that old PIV clunker so I can set up as a gov dummy machine ?
>
>Sounds like a job for a VM!

Yes and no - I am wondering if I should create a special, relatively open subnet living directly at my router,
having a WiFi which is secured, but shared with trusted visitors. In that subrange a special surfing clunker
would run via cable to "visitor" router - and have VM's for tax purposes and other stuff as needed,
probably linux based as host.

Running on another router with its own NAT and perhaps cable only would be the real work machines.
Trying to think ahead - malware would have to cross more layers that way.
Data "sharing" if needed done via table/ASCII sneaker net, today via USB sticky finger fishing...

Unsure what would be best for my own aPad WiFi - also using the first router
might offer more chances for my pwds sniffed out by compromized VM/other tasks,
whereas having a second WiFi net makes the PCs on LAN less secure.

While I guess I am a bit more paranoid than others, quite a few of the security holes I imagined have been realized -
when I was automating IE last century quite a few leaks like cross site access were evident and the banking card
scimmings and PIN thefts were as easy to predict as man in the middle attacks...