Wick Hill's MD, Ken Ward retires » Woking, Surrey: After 20 years with Wick Hill, and having reached retirement age, managing director ... Fayose vs. the Caliphate’s MACBAN and their fake C... » Sundoor999@gmail.com Gov. Ayodele Fayose has emerged as the Champion of the Nigerian people. He ... MWR launches annual HackFu Event with competitio... » London: Launching this year’s campaign for HackFu, its annual cyber security event, MWR InfoSecurity... 27 Security, Safety Tips To Prevent, Survive A Kid... » No doubt kidnapping for ransom and extortion (KRE) is a global problem. The gist is that this heinou... The Niger Delta Imbroglio: Why they struck again » This essay aims to critically analyze recent upshots: the relapse to agitation, militancy, bombing o... Lieberman Software and Core Security form strategi... » London, UK: Lieberman Software Corporation has announced a new strategic alliance with (Courion) Cor... Ness Tec helps secure the Torridon Hotel with MOBO... » UK: MOBOTIX AG has released details of a project for the Torridon Hotel that has upgraded its CCTV t... Norbain adds new Suprema and BioConnect biometric ... » Norbain has announced the addition of new BioConnect biometric products to the Norbain product portf... UK2 Group selects Opengear for global Smart Out-... » UK: Opengear has announced a successful project with UK2 Group, a growing hosting provider, to impro... Zinwave to demonstrate public safety DAS at Crit... » Zinwave has announced that it will showcase its UNItivity distributed wireless access solution (DAS)...

CLICK HERE TO

Viewpoints Header

In response to the news that Oracle has carried out an emergency security update on Java, Lamar Bailey, Director of Security Research and Development at nCircle has the following comments:

 

Here we go yet again. 2013 has seen a surge of critical vulnerabilities in IE, Java and Ruby on Rails. Attackers are targeting cross platform applications to try to obtain access to as many systems as possible using as few exploits as possible.

Oracle has taken a beating this year on Java. It is good to see they are fixing critical vulnerabilities in a code base they want to quit updating but it is past time for them to get serious and do a deep dive on Java to fix the security issues.

I have always thought Oracle did a good job of securing their products but I am losing some of my faith in them with the rash of Java vulnerabilities. I hope these security problems are not found in their other products. My advice to end users is to remove Java from your system and only install it when is needed to access a business critical application, then if possible run Java in a VM or an isolated environment. This is easier said than done as my Windows box had no less that 4 Java versions with various updates. I hope Oracle will assign a team of their best security engineers to Java to squash any of the remaining security issues. Until then many users will be updating Java as often as they update AV signatures.