Java
SSCC 101 - Private things made public, the Java saga, PWN2OWN, and precision versus accuracy
Chester talks to Paul Ducklin in Sophos Security Chet Chat Episode 101.
Spend an enjoyable quarter-hour as our duo take on a range of security issues with their usual mixture of insight, expertise, scepticism, advice and occasional outright puzzlement.
"Unless it is absolutely necessary to run Java in web browsers, disable it", DHS-sponsored CERT team says
Can you really justify having Java installed on your main web browser any more? Even if you have installed the latest security patch?
It's time to rip Java out of your browser for better security... unless you have a really good reason not to.
Apple and Mozilla - 'Just say no to Java'
After the recent discovery of a zero-day vulnerability in Oracle's Java Web Start plugin, Apple and Mozilla are now disabling Java by default until fixes are made available.
Protect against latest Java zero-day vulnerability right now: Mal/JavaJar-B
In the past 24 hours, many popular exploit kits have been found to be targeting what appears to be a new zero-day vulnerability in Java. Read this article for advice on how to fend off these attacks.
Monday review - the hot 17 stories of the week
OK, these aren't just the hot 17 stories of the past week, but of the two weeks before that, too.
If, like us, you've been enjoying some downtime over the Christmas and New Year holidays, here's your quickest way to get back up to speed with Naked Security...
Java 7 update 10 introduces important new security controls
Last week Oracle released Java 7 update 10 to the world without fixing a single vulnerability. That doesn't mean there aren't serious security improvements though. New settings could make Java users much safer from here forward.
Dockster Mac malware found on Dalai Lama-related website
Mac malware has been found on a website related to the Dalai Lama, capable of allowing hackers to steal files and spy on keystrokes.
Fake Apple invoices lead to Blackhole exploit kit that drains your bank account
A new round of spams proclaims you have been charged for a large purchase from Apple.
All links lead to webpages infected with the Blackhole exploit kit. Be cautious with your online shopping this holiday season.
Blackhole exploit kit confusion. Custom builds or copycats?
Are some of the different variants of the Blackhole exploit kit that SophosLabs are seeing actually new versions of this popular exploit kit? Or simply copycats created by other groups?
Apple gets aggressive - latest OS X Java security update rips out browser support
Oracle patches Java, then Apple issues its own updates. You can never be quite sure how long that's going to take.
This month, it all happened pretty quickly - and Apple took the opportunity to kick Java out of your browser at the same time...
Practical IT: What is your company's threat response strategy?
As someone looking after IT for your company, how do you react to reports of vulnerabilities like those seen recently in Java and Internet Explorer?
Monday review: the hot 26 stories of the week
Here's a list of all the stories we've written in the last week, in case you missed any (or if you just want to read them again).
New security hole found in multiple Java versions
The same team of Polish researchers who discovered a critical security hole in Oracle’s Java software say that they uncovered another such hole, which could be used to bypass the secure application “sandbox” on most recent versions of Java.
12 million iPhone and iPad device IDs hacked from the FBI, Anonymous claims
Hackers claim to have stolen a database of 12,367,232 Apple device IDs, and personal information such as full names, cellphone numbers, addresses and zipcodes belonging to iPhone and iPad users.
And where do they claim they stole this information? From an FBI laptop... via a Java vulnerability.
Attacks on Java security hole hidden in bogus Microsoft Services Agreement email
Online scammers are using a recent email from Microsoft Corp. as bait in a widespread phishing campaign that exploits vulnerabilities in Oracle’s Java software to install malicious programs on vulnerable systems.
Sophos Techknow - All about Java
Java brings with it some significant risks, yet for many people, it's "just there on my computer."
In this episode, Duck and Chet tell you All about Java, and help you to make an informed decision in balancing its risks and rewards at work and at home.
Oracle releases out of cycle fixes for Java
Oracle has released an emergency update fixing four vulnerabilities affecting both Java 6 and Java 7 users.










