MoD to save taxpayer up to £1 billion in a new con... » The MoD has agreed a contract to update and sustain the UK’s military air traffic management which i... Lieberman Software Privilege Management Solution... » London, UK: Lieberman Software Corporation’s privilege management product, Enterprise Random Passwor... Morocco to help United Arab Emirate to combat ter... » Washington, DC: Moroccan Minister of Foreign Affairs Salaheddine Mezouar has said Morocco will provi... "Use cameras only as necessary and proportionate r... » In view of the recent warning from the Information Commissioner’s Office (ICO), it appears the days ... Creeks in Goodluck Jonathan's Niger Delta havens f... » Ogbuefi Jonathan...Nigeria's multi-billionaire President whose little corner stinks to high hea... Leadinng forensic anthropologist receives prestigi... » Vigilance can report that leading forensic anthropologist Dr Tim Thompson has been presented with ... British soldiers make last journey home after 13 ... » Can these Afghan soldiers be entrusted with the defence of democracy and their country for long? Tim... Empello’s new guardian technology protects against... » London: Empello has announced a major leap forward in its ad monitoring capabilities. The new ‘Guar... Bash Bug laughs in the face of traditional passwor... » Utrecht/Frankfurt/London: The ease with which hackers can steal sensitive login details from compani... Encap Security incorporates convenience of Apple... » Oslo & Palo Alto: Encap Security, the first in-app authentication solution to arm banks, retailers a...

CLICK HERE TO

Viewpoints Header

In response to the news that Oracle has carried out an emergency security update on Java, Lamar Bailey, Director of Security Research and Development at nCircle has the following comments:

 

Here we go yet again. 2013 has seen a surge of critical vulnerabilities in IE, Java and Ruby on Rails. Attackers are targeting cross platform applications to try to obtain access to as many systems as possible using as few exploits as possible.

Oracle has taken a beating this year on Java. It is good to see they are fixing critical vulnerabilities in a code base they want to quit updating but it is past time for them to get serious and do a deep dive on Java to fix the security issues.

I have always thought Oracle did a good job of securing their products but I am losing some of my faith in them with the rash of Java vulnerabilities. I hope these security problems are not found in their other products. My advice to end users is to remove Java from your system and only install it when is needed to access a business critical application, then if possible run Java in a VM or an isolated environment. This is easier said than done as my Windows box had no less that 4 Java versions with various updates. I hope Oracle will assign a team of their best security engineers to Java to squash any of the remaining security issues. Until then many users will be updating Java as often as they update AV signatures.