Monday, October 18, 2010

Oh Java, Why Do You Hate Us?

Brian Krebs, writing in his Krebs on Security blog, comments on reports from Microsoft that the number of attacks against Java vulnerabilities has overtaken attacks against Adobe products. Adobe is obviously breathing a sigh of relief.

Says Krebs:

My research shows the reason for the spike, and it precedes the 3rd quarter of 2010: Java exploits have been folded into a number of the top “exploit packs,” commercial crimeware kits sold in the hacker underground that make it simple to seed hacked or malicious sites with code that exploits a variety of browser flaws in a bid to install malware.

All automation, all the time. Point and click assaults on known threat vectors. If you install it, they will come.

I'm less concerned because I run Linux boxes, but I still exercise caution with the Java in my environment. Relying on Java's auto-update feature has proven woefully inadequate.

Krebs has previously recommended removing Java from your machine if possible, but it's so intertwined with browsers and third-party apps that successfully getting Java off and keeping it off is a Herculean task.



No comments:

Post a Comment

Please tell me what you think.