Java Today
Sun Microsystems released Java in 1995 as a technology for building applications that could run on any platform, including Windows, Macintosh and Linux. In its heyday, major browsers embraced Java for running applets within pages. All anyone needed was a browser plug-in for executing programs.
Today, that plug-in has become a top security risk, along with Adobe Flash. Partly to blame for the problem is Oracle, which acquired Sun and its invention in 2009. The database vendor has heightened the risk by failing to launch timely patches.
The latest security meltdown is a case in point. Despite being warned in April of critical vulnerabilities, Oracle did not get around to releasing an emergency patch until last week, after reports that cyber-criminals were exploiting the flaws. Security Explorations, the Polish firm that first reported the vulnerabilities to Oracle, later said the patch contained a flaw that could be used to circumvent the fix.
The Latest Threats
In the meantime, criminals are having a field day. Atif Mushtaq, security researcher at FireEye, says the number of computers infected with malware exploiting the flaws is growing. As of Tuesday, up to a quarter-million computers had been infected. Hackers are at an advantage because computers users are laggards when it comes to applying Java patches. Up to 60 percent of Java installations are never updated to the latest version, according to security vendor Rapid7.
Over the just-past Labor Day weekend, the SANS Institute’s Internet Storm Center and Websense reported finding separate phishing campaigns trying to lure people to malicious sites capable of exploiting the vulnerabilities. SANS discovered link-carrying emails that copied a recent Microsoft message about service agreement changes. Websense found emails disguised as order verification messages from Amazon.
To read the complete article by Antone Gonalvesl, click here.
