« Internet Explorer | Main | Mac Safari Browser »

Thursday, September 05, 2013

Don't Believe Everything You Read

A good overview by Brian Krebs on why Java continues to be a serious security risk:

https://krebsonsecurity.com/2013/09/researchers-oracles-java-security-fails/ 

Posted by Matthew Carrick at 9:29.30 AM EDT | Permanent Link

| Categories: Java, Privacy Issues, Security Alerts

Saturday, February 02, 2013

Twitter Hack and Java

The recent hack of Twitter appears to have been accomplished via some Java exploit. The insecure nature of Java is well known and unless you specifically require Java your best practice is to uninstall it via the Control Panel under Windows. If you do require Java you need to uninstall the Java plugin for browsers. Check out 'ole Krebs on Security for the details.

If you keep Java set it to auto-update once a day. Handy, dandy screencaps illustrating the simple process are here.

Wednesday, September 19, 2012

Critical Internet Explorer Hole

Those still using Internet Explorer as their browser of choice are well advised to use an alternative such as Firefox, Chrome or Opera to avoid being a victim of the latest security problem. According to several sources a Microsoft FixIt patch will be issued ASAP to solve the issue - at that time you can apply the patch and go back to using Internet Exploder. An exhaustive exploration of the problem (and a partial fix) can be viewed at https://krebsonsecurity.com.

Posted by Matthew Carrick at 9:30.20 AM EDT | Permanent Link
Comment by Matthew - Wednesday 19th September 2012 08:44:13 PM

Damn, that was quick! Visit http://support.microsoft.com/kb/2757760 to apply the FixIt.
Comment by Byte me - Saturday 03rd November 2012 06:10:02 PM

I never met a hole I didn't think was critical.

| Categories: Alternative Apps, Best Practices, Google Chrome, Java, Mozilla Firefox, Opera, Security Alerts

Saturday, September 01, 2012

Critical Java Update

Poor Oracle has again released an update for Java that stops a zero-day attack that threatened all Operating Sytems. Users with exploitable versions of Java could have malware installed on their systems by merely browsing to a cracked or evil Web site.

Unless you specifically require Java your best practice is to uninstall it via the Control Panel under Windows.

If you need Java then make sure you set it to auto-update at least once a week (the default is once a month . . . as if . . . ) or, better yet, once a day. Click the Java icon in the Settings, click the update tab and finally the advanced button to make the change.

Handy, dandy screencaps illustrating the process are here.

Posted by Matthew Carrick at 8:44.20 AM EDT | Permanent Link
Comment by Matthew - Saturday 01st September 2012 09:50:58 AM

If you still require Java on your system you should disable its integration with any and all browsers you use regardless of your Operating System. Here is How to Unplug Java from the Browser
Comment by better than ketchup - Thursday 27th September 2012 09:02:08 PM

How 'bout I unplug Java from my life?

cheese burger
Comment by Matthew - Friday 28th September 2012 05:59:55 PM

Recent studies seem to confirm one or two cups of Java a day is beneficial. Good day, Sir.

| Categories: Java, Privacy Issues, Security Alerts

Monday, October 18, 2010

Java Security Hole

Microsoft's Malware Protection Center Blog is reporting a huge surge in Java exploits. From the end of 2009 until now the number of exploits has gone from roughly 100,000 to 6,000,000!

So, if you have Java on your machine (Mac, Linux or Windows) then make damn sure it's patched.*

Remember, the default patching schedule only checks the Mothership for updates on the 14th of every month and this is way too long to wait. Change it to daily. Have it occur immediately after you back up your data.

If you use Windows you should install as a service Secunia PSI which will automagically check for a wide range of patches.

*If possible, remove Java if it is not required by another application. Java is, for most users, in the background and you may never know it's running unless you have seen the splash screen. If you remove Java and some application breaks it will probably very politely suggest you need to install Java. In this case, well, you need Java so simply make sure it's patched as you do any other application.

Posted by Matthew Carrick at 8:59.32 PM EDT | Permanent Link
Edited on: Saturday, September 01, 2012 9:27.01 AM EDT

| Categories: Java, Security Alerts