Chester talks to Paul Ducklin in Sophos Security Chet Chat Episode 101.
Spend an enjoyable quarter-hour as our duo take on a range of security issues with their usual mixture of insight, expertise, scepticism, advice and occasional outright puzzlement.
If you're installing a critical security update on your computer, one made necessary by the software vendor's sloppy code quality, you probably wouldn't dream that the same vendor is trying to make some money out of the inconvenience.
Only six weeks to go until PWN2OWN 2013, where you can hack the Big Four browsers and the Big Three plugins, and win over half a million dollars.
But is it just about the money?
Paul Ducklin investigates...
Here you go.
All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).
Serial Java fault-finder Adam Gowdiak has embarrassed Oracle yet again.
The Polish researcher is publicly bragging about two brand-new vulnerabilities he's found even since Oracle's most recent patch just a week ago.
Irrepressible cybercrime investigator and reporter Brian Krebs has written about yet another Java zero-day exploit.
This one, it seems, targets an exploitable vulnerability even in Oracle's most recent release, Version 7 Update 11, aka 7u11.
"Unless it is absolutely necessary to run Java in web browsers, disable it," says the DHS-sponsored CERT team.
Can you really justify having Java installed on your main web browser any more? Even if you have installed the latest security patch?
It's time to rip Java out of your browser for better security... unless you have a really good reason not to.
Over the past five days, lots of you have used Naked Security to find out how to turn off Java in one of the five major browsers.
And that has given us browser statistics. There are too many variables to know what they tell us, but they do make a neat-looking graph!
Oracle has been on the ball and has already come out with a patch for the latest Java security hole.
Java 7 Update 11 fixes both CVE-2013-0422 and a second vulnerability. Find out more...
After the recent discovery of a zero-day vulnerability in Oracle's Java Web Start plugin, Apple and Mozilla are now disabling Java by default until fixes are made available.
In the past 24 hours, many popular exploit kits have been found to be targeting what appears to be a new zero-day vulnerability in Java. Read this article for advice on how to fend off these attacks.
Last week Oracle released Java 7 update 10 to the world without fixing a single vulnerability. That doesn't mean there aren't serious security improvements though. New settings could make Java users much safer from here forward.
Mac malware has been found on a website related to the Dalai Lama, capable of allowing hackers to steal files and spy on keystrokes.
Oracle patches Java, then Apple issues its own updates. You can never be quite sure how long that's going to take.
This month, it all happened pretty quickly - and Apple took the opportunity to kick Java out of your browser at the same time...
As someone looking after IT for your company, how do you react to reports of vulnerabilities like those seen recently in Java and Internet Explorer?