Showing posts with label Oracle. Show all posts

Wednesday, February 6, 2013

Apple's Java sabotage is bad IT business


Apple's handling of the Java vulnerability provides a textbook example of what not to do in a production environment

In case you weren't paying attention, last week Apple decided to disable all but the most recent Java browser plug-ins on just about every Macintosh everywhere, without telling anyone. The Java vulnerability that led to the decision is very real. It was coupled, though, with the assumption that its customers -- forgive me, its licensees -- lack the judgment necessary to make this decision for themselves.
To be fair, many of Apple's consumer licensees probably lack the expertise needed to make an informed decision. For many, that's why they bought Macs instead of some form of Windows PC in the first place.
But its enterprise licensees? That's a different matter altogether.


Continue Reading: Apple's Java sabotage is bad IT business

Wednesday, January 16, 2013

Why fixing the Java flaw will take so long

"By now you've heard about the latest, very serious problem with Oracle's Java runtime. You may also have heard that it could take a very long time to fix. Here's why: The flaw uncovered by security researchers last week devolves not to one issue, but to a series of issues, one knocking into the other like dominoes. Oracle has fixed one of the dominos with a patch, but there are likely to be other ways to tip over the entire row.
Emergency response
The vulnerability patched by Oracle resides in a version of Java 7 designed to extend Web browsers. The defect made it possible for a malicious Java applet on a Web page to execute arbitrary code on the underlying computer.
While this sort of defect would usually be kept secret until a fix was available, it was disclosed last week because malicious crackers had already found the defect and were exploiting it as part of a dirty-tricks toolkit used by scammers and other thieves, giving Oracle zero days to fix the code. As more researchers evaluated this "zero-day exploit," it became clear it was exceptionally serious.
With terrific speed, Oracle's engineers created a fix for the problem over the weekend and released it Monday. Yet security researchers weren't impressed. Why was that? I asked Oracle to brief me, but I was refused and simply referred to a blog posting on the subject, which offered little explanation.
Instead I turned to the open source community for help. Java 7 is actually based on an open source project called OpenJDK, and Oracle had also released patches for that. I was able to quickly find explanations of both the defect and the fix."

Read the full article at http://www.infoworld.com: Why fixing the Java flaw will take so long

Wednesday, September 26, 2012

Oracle Knew About Currently Exploited Java Vulnerabilities for Months, Researcher Says

Oracle knew since April about the existence of the two unpatched Java 7 vulnerabilities that are currently being exploited in malware attacks, according to Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations. Read More Click here

Oracle's emergency Java patch opens the door to more vulnerabilities After an exploit in the latest Java 7 framework was discovered, Oracle (ORCL) responded with an emergency patch to fix the problem. Read More Click here

Internet Explorer Zero-Day Flaw Exploited by Same Java Gang Attackers are exploiting a new security vulnerability in Internet Explorer and security experts are recommending users stop using IE until the flaw is patched. Read More Click here

CRIME update, massive JAVA exploit, Samsung's remote wipe issue, Your questions, and more.

Researcher digs up another zero-day Java bug


Computerworld - A security researcher known for finding Java bugs has uncovered a new critical zero-day vulnerability in all currently-supported versions of the popular Oracle software.
The bug, which was publicly reported on the Full Disclosure security mailing list Tuesday by Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations, can be leveraged to hijack a machine equipped with Java, letting attackers install malware on the system.
Windows PCs and Macs are equally at risk if their users have installed Java, or in the case of OS X, are running 10.6, aka Snow Leopard, or earlier. Snow Leopard was the last edition where Apple bundled Java with the operating system.
All currently supported versions of Java, including Java 5, Java 6 and Java 7, contain the bug.

Read more: Researcher digs up another zero-day Java bug

Saturday, November 17, 2007

Bad Security?

It seems like a never-ending cat and mouse game between the hackers and the software programmers. To be sure, many of the holes boil down to bad programming habits and also a lack of imagination as to why on earth someone would do that?

Microsoft Windows XP is a very popular OS and it's very common, so no surprise this week when "a Microsoft executive calls the ease with which two British e-crime specialists managed to hack into a Windows XP computer as both enlightening and frightening." It's very common for a novice computer user to buy a computer and toss it on the Internet without patching it. "After all, who has time for that? I have work to do!" I have been told by more than one manager that he was frustrated that I was always patching systems. "After all, I can just go down to the computer store and buy a computer from the store and it's ready to go!" Scary, right? Well, it's all too common a mindset that IT pros have to deal with.

This week a hacker found over 492,000 unprotected Oracle & Microsoft SQL database servers connected directly to the Internet and not even protected by a firewall. True, even with a good firewall it's possible to use an SQL injection attack to nuke a database. But IMHO some security is better than none at all.

Even if you use a smart phone you may not be totally safe. Before Apple released the iPhone 1.1.2 patch there was a security hole that users were using to add software to their iPhone. Fast Company recently published a story about how it might be possible to hack an iPhone. Click here to see the video.
