Thursday, September 05, 2013
Don't Believe Everything You Read
A good overview by Brian Krebs on why Java continues to be a serious security risk:
Saturday, February 02, 2013
Twitter Hack and Java
The recent hack of Twitter appears to have been accomplished via some Java exploit. The insecure nature of Java is well known and unless you specifically require Java your best practice is to uninstall it via the Control Panel under Windows. If you do require Java you need to uninstall the Java plugin for browsers. Check out 'ole Krebs on Security for the details.
If you keep Java set it to auto-update once a day. Handy, dandy screencaps illustrating the simple process are here.
Wednesday, September 19, 2012
Critical Internet Explorer Hole
Those still using Internet Explorer as their browser of choice are well advised to use an alternative such as Firefox, Chrome or Opera to avoid being a victim of the latest security problem. According to several sources a Microsoft FixIt patch will be issued ASAP to solve the issue - at that time you can apply the patch and go back to using Internet Exploder. An exhaustive exploration of the problem (and a partial fix) can be viewed at https://krebsonsecurity.com.
Saturday, September 01, 2012
Critical Java Update
Poor Oracle has again released an update for Java that stops a zero-day attack that threatened all Operating Sytems. Users with exploitable versions of Java could have malware installed on their systems by merely browsing to a cracked or evil Web site.
Unless you specifically require Java your best practice is to uninstall it via the Control Panel under Windows.
If you need Java then make sure you set it to auto-update at least once a week (the default is once a month . . . as if . . . ) or, better yet, once a day. Click the Java icon in the Settings, click the update tab and finally the advanced button to make the change.
Handy, dandy screencaps illustrating the process are here.
Monday, October 18, 2010
Java Security HoleMicrosoft's Malware Protection Center Blog is reporting a huge surge in Java exploits. From the end of 2009 until now the number of exploits has gone from roughly 100,000 to 6,000,000!
So, if you have Java on your machine (Mac, Linux or Windows) then make damn sure it's patched.*
Remember, the default patching schedule only checks the Mothership for updates on the 14th of every month and this is way too long to wait. Change it to daily. Have it occur immediately after you back up your data.
If you use Windows you should install as a service Secunia PSI which will automagically check for a wide range of patches.