TOP BUSINESSES SHORTLISTED FOR INDUSTRY AWARDS » 21 leading businesses from across the engineering and electrotechnical services sector have been sho... ECA PRESIDENT OPTIMISTIC ON BUSINESS OUTLOOK AS ... » Dave Kieft, the outgoing President of the Electrical Contractors’ Association (ECA), believes there ... Armour Comms launches industry leading secure Grou... » London: In direct response to customer demand, Armour Communications has announced the availability ... TDSi Supports Education Programme at IFSEC Inter... » Poole: Integrated security manufacturer TDSi will be sponsoring the Tavcom Training Theatre at IFSEC... 'POWER PLAYERS' INITIATIVE OPENS TO ENTRIES » Leading younger people from across the engineering services sector have a new opportunity to be reco... Multitone launches comprehensive EkoCare Communi... » Multitone Electronics plc has announced the launch of its new EkoCare range for healthcare facilitie... Momentum builds as Critical Communications World d... » Critical Communications World (May 16-18, Hong Kong) is the leading and most influential congress an... New initiative shows increasing importance of CSR » A major new survey on corporate social responsibility (CSR) is now open to electrotechnical busine... OF FOOLS OF THE MIDDLE BELT, ONE NORTH AND PASTORA... » SERIES: BUHARISM AND THE FIERCE URGENCY OF NOW A treatise on pastoral jihadism, islamism, arabism a... Commvault partners with Pure Storage » Cisco Live, Melbourne, AU and Tinton Falls, NJ: Commvault has announced the integration of its Commv...

CLICK HERE TO

SOCIAL BOOKMARK

Viewpoints Header

In response to the news that Oracle has carried out an emergency security update on Java, Lamar Bailey, Director of Security Research and Development at nCircle has the following comments:

 

Here we go yet again. 2013 has seen a surge of critical vulnerabilities in IE, Java and Ruby on Rails. Attackers are targeting cross platform applications to try to obtain access to as many systems as possible using as few exploits as possible.

Oracle has taken a beating this year on Java. It is good to see they are fixing critical vulnerabilities in a code base they want to quit updating but it is past time for them to get serious and do a deep dive on Java to fix the security issues.

I have always thought Oracle did a good job of securing their products but I am losing some of my faith in them with the rash of Java vulnerabilities. I hope these security problems are not found in their other products. My advice to end users is to remove Java from your system and only install it when is needed to access a business critical application, then if possible run Java in a VM or an isolated environment. This is easier said than done as my Windows box had no less that 4 Java versions with various updates. I hope Oracle will assign a team of their best security engineers to Java to squash any of the remaining security issues. Until then many users will be updating Java as often as they update AV signatures.