Blog Posts Tagged with "Java"

413b3c848ce6956827c9c877d400f18c

Plugging Java’s Holes - Is There a Practical Fix?

September 18, 2013 Added by:Scott Petry

Developers love Java. But its security problems have gotten out of hand. Is there a practical fix?

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Advice Regarding Recent Java Vulnerabilities

October 17, 2012 Added by:Fergal Glynn

By now, our readers have undoubtedly seen the buzz about a serious security vulnerability in Oracle Java, with corresponding exploit code making its way around in the form of active, in-the-wild attack campaigns, as well as penetration testing tools...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Java in the Cross-Hairs of Enterprise Security

September 26, 2012 Added by:Rafal Los

Enterprises seem to have a love-hate relationship with Java. It's a client we aren't thrilled with, but when it comes to cross-platform use there aren't really any other alternatives. If you look around you'll find that many of the security platforms are written in what? Java...

Comments  (0)

32137b352537f11c1efe063869f00e0e

Java, Flash, and the Choice of Usability Over Security

September 10, 2012 Added by:Le Grecs

Convenience vs. Security: My goal of not installing Flash and Java on a new system didn't last more than a few hours. Yet, as infosec professionals, following the disable unnecessary services philosophy, we advise not installing these types of applications for security reasons...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Hackers Grabbed Twelve Million Apple IDs from FBI

September 05, 2012 Added by:Dan Dieterle

Is the information legit? If so, why would an FBI agent have a list of twelve million Apple ID’s which in some cases can be used to access information just as a password would? And how did the hacker group exploit this particular agent’s laptop and recover information from it?

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

No Copyrights on APIs: Judge Defends Interoperability and Innovation

June 18, 2012 Added by:Electronic Frontier Foundation

Judge Alsup, a coder himself, got it right when he wrote that “copyright law does not confer ownership over any and all ways to implement a function or specification of any and all methods used in the Java API.” It's a pleasure to see a judge so fundamentally understand the technology at issue...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

RedKit Private Exploit Tool Emerges in the Wild

May 04, 2012 Added by:Headlines

"RedKit is armed with two of the most popular exploits... The first exploit is a fairly obfuscated PDF file that exploits the LibTIFF vulnerability..." The second is the "latest Java exploit, dealing with the AtomicReferenceArray vulnerability..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Researchers Analyze Flashback Trojan Botnet Traffic

May 01, 2012 Added by:Headlines

Researchers, who successfully tool over C&C servers, noted that nearly two out of three infected systems are running Snow Leopard OS X 10.6 which included Java preinstalled. Less vulnerable are systems running Lion OS X 10.7, unless users manually downloaded Java after purchase...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Multi-Platform Malware Targets Both Widows and Mac OS

April 27, 2012 Added by:Headlines

"If the threat is running on a Mac operating system, it downloads a dropper type malware written in Python. However, if the threat is running on a Windows operating system, it downloads a standard Windows executable file dropper. Both droppers drop a Trojan horse program..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

IC3: Blackhole Exploit Kit 1.2.3 Released

April 26, 2012 Added by:Headlines

Blackhole, the most widely purchased exploit pack in the underground market, is a toolkit that is injected into malicious and/or compromised websites, allowing the attacker to push a variety of exploits targeting vulnerabilities of popular applications like Java and Flash...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Flashback - Are You Joking? There is No Malware for Mac!

April 23, 2012 Added by:Plagiarist Paganini

We must remember that in any software there will be vulnerabilities that could be exploited for criminal purposes. To give you an immediate idea of the malware available for the Mac environment, I produced a table that lists the main agents detected by a well known antivirus...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

SabPub - The Latest Mac OS X Backdoor Java Exploit

April 16, 2012 Added by:Headlines

"This new threat is a custom OS X backdoor, which appears to have been designed for use in targeted attacks... The backdoor contains functionality to make screenshots of the user’s current session and execute commands on the infected machine..."

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

One-Day Exploits, Binary Diffing and Patch Management

April 05, 2012 Added by:Plagiarist Paganini

One-Day exploits have a reduced possibility of success due the potential for patching by a target, but the attacks are still insidious and cheaper in comparison to Zero-Days - it's quite simple to retrieve the information on the internet and use tools to commit the attacks...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Apple: Critical Update for Java for OS X Lion and Mac OS X

April 04, 2012 Added by:Headlines

"Vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution..."

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Top Ten Java Frameworks Observed in Customer Applications

February 08, 2012 Added by:Fergal Glynn

One of the things we record when scanning applications is the presence of frameworks and other supporting technologies, and we’ve been at work mining that data to understand what developers use to build their applications. We’d like to share some of that research with you today...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

The CERT Oracle Secure Coding Standard for Java

October 18, 2011 Added by:Ben Rothke

The CERT Oracle Secure The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits...

Comments  (0)

Page « < 1 - 2 > »