DHF helps BBC TV's Watchdog expose rogue garage do... » Watchdog, the BBC TV consumer programme that exposes rogue traders, called on the DHF (Door & Hardwa... IGEL launches Next-Generation Universal Desktop ... » Reading: IGEL Technology has announced the introduction of its next-generation IGEL Universal Deskto... Intelliflo partners with Adapt to bring managed ... » London: Intelliflo has incorporated a managed Security-as-a-Service solution into its portfolio from... OEB: OECD Education Chief in Plea for Investment i... » A widening gap between rapid technological development and the skills necessary for the 21st century... Gallagher Mobile Connect launched » Hamilton, NZ.: Gallagher has announced the global release of its latest state-of-the-art mobile secu... Options completes major trading platform migr... » New York, London: Options has announced the successful platform migration for quantitative trading h... BeyondTrust adds File Integrity Monitoring for Uni... » PHOENIX: BeyondTrust has announced PowerBroker for Unix & Linux 9.4. PowerBroker, the most mature Un... Sopra Steria achieves AWS Financial Services Com... » London, UK: Sopra Steria has achieved Amazon Web Services (AWS) Financial Services Competency status... Intelliflo partners with Adapt to bring managed ... » London: Intelliflo has incorporated a managed Security-as-a-Service solution into its portfolio from... GOVERNMENT SUPPORTS ‘AWARDS FOR VALOUR (PROTECTION... » ir Michael Fallon, British Defence Secretary Vigilance can report that new proposals will make it...

CLICK HERE TO

Viewpoints Header

In response to the news that Oracle has carried out an emergency security update on Java, Lamar Bailey, Director of Security Research and Development at nCircle has the following comments:

 

Here we go yet again. 2013 has seen a surge of critical vulnerabilities in IE, Java and Ruby on Rails. Attackers are targeting cross platform applications to try to obtain access to as many systems as possible using as few exploits as possible.

Oracle has taken a beating this year on Java. It is good to see they are fixing critical vulnerabilities in a code base they want to quit updating but it is past time for them to get serious and do a deep dive on Java to fix the security issues.

I have always thought Oracle did a good job of securing their products but I am losing some of my faith in them with the rash of Java vulnerabilities. I hope these security problems are not found in their other products. My advice to end users is to remove Java from your system and only install it when is needed to access a business critical application, then if possible run Java in a VM or an isolated environment. This is easier said than done as my Windows box had no less that 4 Java versions with various updates. I hope Oracle will assign a team of their best security engineers to Java to squash any of the remaining security issues. Until then many users will be updating Java as often as they update AV signatures.