Infosec Haiku

Anata no joho sekyuritei konshu no haiku

Java CPU
Released This Week – 14 Bugs
Squashed – Please Update Now!

 

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who’s contributed their haikus …

> Read More

Infosec Haiku

Anata no joho sekyuritei konshu no haiku

Huge Month for Patches —
  and Much More
Time to Patch It Up

 

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who’s contributed their haikus …

> Read More

July Java Jamboree

The latest Critical Patch Update (CPU) from Oracle has been released today. Based on the pre-release information, the July 2014 CPU contains 113 new security vulnerability fixes, covering everything from its flagship database and Fusion Middleware to Hyperion and Solaris. [See update below.]

Of particular interest to endpoint administrators will be the 20 vulnerabilities in Java SE.

> Read More

Java on XP?

Is it still supported, and what should you do about it?

Well done to Oracle, which has successfully managed to confuse everyone about what the situation is regarding whether Java (a development platform with a long history of security holes) will continue to be properly supported on Windows XP (an operating system with a long history of security holes,

> Read More

WinXP and Java: Double the Risk, Double the Fun

Another reason, as if you needed one, to upgrade your WinXP systems: Java 8 – the latest version is 8u5 – has compatibility issues, and Java 7 – the latest version of which is 7u60 – is no longer supported on WinXP.

As Oracle has put it: “Users may still continue to use Java 7 updates on Windows XP at their own risk,

> Read More

Isn’t It Time Oracle Gave Us Monthly Security Updates for Java?

In some ways, it could be argued that Java is an incredible success.

I’m serious. Stop laughing at the back.

You see, according to Oracle, Java’s developer, the product is used on over 3 billion different devices worldwide. That *is* impressive.

But, for those of us concerned with securing systems and keeping computer data safe,

> Read More

Defending Against Java

Java offers enterprises the ability to write code once and run it everywhere. However, this flexibility comes with a high cost: reduced security on endpoints. It has lately gotten so bad that Java has been nicknamed Just Another Vulnerability Announcement. Oracle has been working to produce updates to Java that address these vulnerabilities,

> Read More

Much Ado About Java

So, have you seen the latest about Java? Seems most organizations are still running (really) old versions. And even the current version has what is technically known as a shit-ton of zero-day vulnerabilities. And so Oracle is changing their vulnerability numbering system to accommodate all of them, in addition to taking other steps surrounding Java security.

> Read More

Ten Bulletins This May Patch Tuesday; But Don’t Get Excited

While 10 patches covering 33 vulnerabilities may seem like a high number, it isn’t all bad news for IT professionals this May Patch Tuesday. Only two of the 10 patches released today are critical and both impact Microsoft Windows and Internet Explorer. The two critical-rated patches address the IE 8 zero-day that made news after attacking a website belonging to the U.S.

> Read More

Patch Tuesday Not Too Taxing For IT This Month, Despite Heavy Patch Count

It’s another heavy month of patches this month from Microsoft. There are 9 bulletins, with 2 critical and 7 important. While 9 may seem like a lot, there are a few pieces of good news this month. First, there are only 2 critical bulletins and most of the patches are rated important. Second, most of the impact is on the legacy code base,

> Read More

Déjà Vu, Apple Dangerously Out Of Sync With Oracle Patch

Back in March of this year Apple users were left woefully exposed when Apple fell out of sync with Oracle on Java patching. The issue led to some 600,000 Apple users being infected with the Flashback Trojan. The fix for Java had been provided by Oracle back in February and the delay in providing the patch to their users is credited with the rapid high infection rate of Flashback among Apple users.

Patch Tuesday August 2012: Something Old, Something New and a Little Something to Make You Blue

Several reboots affecting all versions of Windows make August a busy patch month. Microsoft updates include patches to new problems, updates to old problems and something that may cause more work than you may have been anticipating this month.

Prioritizing the Patches

There are nine security bulletins this Patch Tuesday, five critical and four important.

> Read More

July 2010 Patch Tuesday Security Briefing

Microsoft announced that they have released four security bulletins to address five separate current vulnerabilities. Especially concerning this month is the fact that all three bulletins rated “critical” also rate a “1” on Microsoft’s exploitability index (with MS10-042 addressing a vulnerability that is actively being exploited). Additionally, MS10-043 requires a reboot and affects Windows Server 2008 64-bit machines,

> Read More

A Double Whammy Patch Tuesday from Microsoft and Oracle

Microsoft announced that they have released four security bulletins to address five separate current vulnerabilities. Especially concerning this month is the fact that all three bulletins rated “critical” also rate a “1” on Microsoft’s exploitability index (with MS10-042 addressing a vulnerability that is actively being exploited). Additionally, MS10-043 requires a reboot and affects Windows Server 2008 64-bit machines,

> Read More