Becrypt continues expansion in US with appointme... » Seeds of Genius, a specialist supplier to Federal Government and DOD, has joined the fast-growing nu... Lancope Strengthens Cisco pxGrid Support for faste... » LONDON (UK): Lancope, Inc.is providing tight product integration with the new Cisco Identity Service... International SOS and Vismo in joint partnership t... » York, UK: International SOS, the world's leading medical and security services company, and Vismo, a... Tech Mahindra selects Qualys to expand global IT s... » REDWOOD CITY, Calif.: Qualys, Inc. has announced a strategic partnership with Tech Mahindra , a mult... Barracuda launches SignNow Appliance » Barracuda Networks has launched the Barracuda SignNow version 4.0 and the new Barracuda SignNow Appl... Boston Networks design, deliver and maintain Intel... » Regarded as the world’s most prestigious team golf event, Boston Networks delivers a full turnkey so... British Parliament tells Teeside University to sta... » Ground-breaking research at Teesside University which has been described as the “holy grail” of crim... Army Officer wins engineering Modern Day Visionary... » Source: MoD AIRCRAFT Engineering Officer Major Oli Morgan has been named as the 2014 Modern Day V... Electronic I.D. Card project in Nigeria: How not t... » President Goodluck Jonathan recently launched a MasterCard-branded Nigerian National Electronic I.D ... Do you know which smartphone is the most popular s... » Surprisingly, it’s not the iPhone, LG, Huawei or HTC and Windows Phone hardly gets a look in. Even t...

CLICK HERE TO

Viewpoints Header

In response to the news that Oracle has carried out an emergency security update on Java, Lamar Bailey, Director of Security Research and Development at nCircle has the following comments:

 

Here we go yet again. 2013 has seen a surge of critical vulnerabilities in IE, Java and Ruby on Rails. Attackers are targeting cross platform applications to try to obtain access to as many systems as possible using as few exploits as possible.

Oracle has taken a beating this year on Java. It is good to see they are fixing critical vulnerabilities in a code base they want to quit updating but it is past time for them to get serious and do a deep dive on Java to fix the security issues.

I have always thought Oracle did a good job of securing their products but I am losing some of my faith in them with the rash of Java vulnerabilities. I hope these security problems are not found in their other products. My advice to end users is to remove Java from your system and only install it when is needed to access a business critical application, then if possible run Java in a VM or an isolated environment. This is easier said than done as my Windows box had no less that 4 Java versions with various updates. I hope Oracle will assign a team of their best security engineers to Java to squash any of the remaining security issues. Until then many users will be updating Java as often as they update AV signatures.