Java
SSCC 101 - Private things made public, the Java saga, PWN2OWN, and precision versus accuracy
Chester talks to Paul Ducklin in Sophos Security Chet Chat Episode 101.
Spend an enjoyable quarter-hour as our duo take on a range of security issues with their usual mixture of insight, expertise, scepticism, advice and occasional outright puzzlement.
PWN2OWN - hack the Big Four browsers in public and go home with half a million dollars
Only six weeks to go until PWN2OWN 2013, where you can hack the Big Four browsers and the Big Three plugins, and win over half a million dollars.
But is it just about the money?
Paul Ducklin investigates...
Monday review - the hot 31 stories of the week
Here you go.
All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).
Java hacker boasts of finding two more unpatched holes
Serial Java fault-finder Adam Gowdiak has embarrassed Oracle yet again.
The Polish researcher is publicly bragging about two brand-new vulnerabilities he's found even since Oracle's most recent patch just a week ago.
Yet ANOTHER Java zero-day claimed - but this time you're laughing, right?
Irrepressible cybercrime investigator and reporter Brian Krebs has written about yet another Java zero-day exploit.
This one, it seems, targets an exploitable vulnerability even in Oracle's most recent release, Version 7 Update 11, aka 7u11.
Java is not JavaScript - tell your friends!
Some people are worried that turning off Java also turns off JavaScript.
Despite their names, Java and JavaScript are completely different, and turning off Java will not turn off JavaScript.
"Unless it is absolutely necessary to run Java in web browsers, disable it", DHS-sponsored CERT team says
Can you really justify having Java installed on your main web browser any more? Even if you have installed the latest security patch?
It's time to rip Java out of your browser for better security... unless you have a really good reason not to.
Fun with statistics: Who hates Java the most?
Over the past five days, lots of you have used Naked Security to find out how to turn off Java in one of the five major browsers.
And that has given us browser statistics. There are too many variables to know what they tell us, but they do make a neat-looking graph!
Monday review - the hot 22 stories of the week
Here you go.
All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).
Oracle releases patch for latest Java hole - update now!
Oracle has been on the ball and has already come out with a patch for the latest Java security hole.
Java 7 Update 11 fixes both CVE-2013-0422 and a second vulnerability. Find out more...
Apple and Mozilla - 'Just say no to Java'
After the recent discovery of a zero-day vulnerability in Oracle's Java Web Start plugin, Apple and Mozilla are now disabling Java by default until fixes are made available.
Protect against latest Java zero-day vulnerability right now: Mal/JavaJar-B
In the past 24 hours, many popular exploit kits have been found to be targeting what appears to be a new zero-day vulnerability in Java. Read this article for advice on how to fend off these attacks.
Monday review - the hot 17 stories of the week
OK, these aren't just the hot 17 stories of the past week, but of the two weeks before that, too.
If, like us, you've been enjoying some downtime over the Christmas and New Year holidays, here's your quickest way to get back up to speed with Naked Security...
Java 7 update 10 introduces important new security controls
Last week Oracle released Java 7 update 10 to the world without fixing a single vulnerability. That doesn't mean there aren't serious security improvements though. New settings could make Java users much safer from here forward.
Dockster Mac malware found on Dalai Lama-related website
Mac malware has been found on a website related to the Dalai Lama, capable of allowing hackers to steal files and spy on keystrokes.
Apple gets aggressive - latest OS X Java security update rips out browser support
Oracle patches Java, then Apple issues its own updates. You can never be quite sure how long that's going to take.
This month, it all happened pretty quickly - and Apple took the opportunity to kick Java out of your browser at the same time...
Practical IT: What is your company's threat response strategy?
As someone looking after IT for your company, how do you react to reports of vulnerabilities like those seen recently in Java and Internet Explorer?
Monday review: the hot 26 stories of the week
Here's a list of all the stories we've written in the last week, in case you missed any (or if you just want to read them again).








