Tokenless two-factor authentication defies “Heartb... » London: The existence of Heartbleed, a vulnerability in the OpenSSL open source software, was recent... Advanced application security now standard on Barr... » Basingstoke:  Barracuda Networks, Inc. has announced that it will offer advanced application securit... Check Point provides multiple protections against ... » Check Point has announced that its network security products offer multiple protections against the ... Tyco UAE and CNL Software partner for major UAE pr... » CNL Software has partnered for an iconic security management project with Tyco Fire & Security UAE, ... Cubic unveils new corporate branding » SAN DIEGO, Calif.: Cubic Corporation has introduced its new corporate brand identity. The name Cubic... Taxware acquires VAT Resource...enhances value add... » Wilmington, MA.: axware, a global provider of sales, use and value added tax (VAT) compliance softwa... Courion expands international footprint with two n... » London, UK: Courion has announced two new hires in the UK and the Middle East to help boost its stra... Skyscape sponsors race across America team in supp... » London: Skyscape Cloud Services Limited has announced that it is supporting the London Pride Spinhal... gateprotect becomes a Member of the German Allianc... » Hamburg: gateprotect AG Germany, Germany’s leading independent IT security specialist, has been admi... Building big ideas from small bricks: COPA-DATA la... » Since the beginning of April, LEGO bricks have been taking over the desks and offices of students, e...

CLICK HERE TO

Viewpoints Header

In response to the news that Oracle has carried out an emergency security update on Java, Lamar Bailey, Director of Security Research and Development at nCircle has the following comments:

 

Here we go yet again. 2013 has seen a surge of critical vulnerabilities in IE, Java and Ruby on Rails. Attackers are targeting cross platform applications to try to obtain access to as many systems as possible using as few exploits as possible.

Oracle has taken a beating this year on Java. It is good to see they are fixing critical vulnerabilities in a code base they want to quit updating but it is past time for them to get serious and do a deep dive on Java to fix the security issues.

I have always thought Oracle did a good job of securing their products but I am losing some of my faith in them with the rash of Java vulnerabilities. I hope these security problems are not found in their other products. My advice to end users is to remove Java from your system and only install it when is needed to access a business critical application, then if possible run Java in a VM or an isolated environment. This is easier said than done as my Windows box had no less that 4 Java versions with various updates. I hope Oracle will assign a team of their best security engineers to Java to squash any of the remaining security issues. Until then many users will be updating Java as often as they update AV signatures.