Got Java? Even if you’ve applied the urgent out-of-band patch from Oracle, you may want to disable or uninstall Java itself. It turns out that the patch has its own flaws that make Java vulnerable to new attacks.
According to security experts, Oracle's Java patch resolves the multiple “zero-day” vulnerabilities currently being exploited by attacks in the wild. However, it also leaves open a vulnerability—which was discovered and reported to Oracle earlier this year—that could allow an attacker to bypass the Java sandbox protection and execute malicious code on the target system.
A new report summarizing the malware and cybersecurity trends for the second quarter of 2012 has been released. The report found the biggest spike in malware samples detected in four years, and illustrates the growing threat faced by mobile devices—particularly Android mobile devices.
There isn’t necessarily anything Earth-shattering in the quarterly report. The fact that it’s essentially more of the same, with slight variations on themes from previous quarterly reports, however, should be cause enough for concern. The bottom line message is that malicious attacks are a serious threat, and they’re not going away any time soon.
By now you should already know the basics of online security: Don’t send money to a Nigerian prince, don’t click on that picture of Britney in a bikini, and don’t run your PC without a security suite. All those basics still apply, but as technology moves forward, so do threats to your privacy and your devices. Today, we need to protect not only our computers, but also our smartphones and tablets. Fortunately, protecting yourself and all your devices can be easy with the help of some sound practices and good software. The first step, however, is to understand what threats are out there.
Never forget that your smartphone or tablet is actually a full-fledged computer in a smaller package. You can surf the web with it; check email; and use it to download and upload documents, photos, mp3s, videos, and software in the form of apps. That’s why we love handheld devices, of course, but it also means they are susceptible to attacks just like PCs are. To make matters worse, your phone or tablet can be the seed that carries an attack to all the hardware devices in your network, as well as those of anyone you email, text, or share data with.
For most people, hackers and malware are nefarious entities intent on compromising their PCs and mobile devices, and perhaps stealing some login credentials or financial details. A successful attack can be quite frustrating,--or even devastating—on a personal level, but nobody gets killed and the world goes on.
When it comes to the critical infrastructure of the nation, though, the stakes get higher. The critical infrastructure is called “critical” for a reason. An executive order signed by President Clinton in 1996 defines “critical infrastructure” as: “Certain national infrastructures are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States.”
What is your mother’s maiden name? It seems like that question has been used as secondary authentication to verify identity since the dawn of time. Over time, the authentication questions have become much more diverse. Sites now ask for things like what city you went to high school in, or who was your favorite teacher, or what was your first car.
The problem with most authentication questions, though, is that the information can often be found with a simple Google search or two. Ten years ago, or even five years ago it might have been much harder to learn the answers to such obscure questions. But, in the current age of oversharing on social networks it’s entirely possible all your intimate details are out there somewhere.
