Saturday, February 2, 2013

Why crapware still exists

Why does crapware still exist? Follow the Silicon Valley money trail | ZDNet: "Oracle this week released an update for its widely used Java software, fixing a zero-day vulnerability that was being actively exploited to install malware via drive-by downloads. But before you begin patting Oracle on the back for its quick response, note two things about that update: It might not actually fix the underlying security issues. Along with the must-install security update, Oracle continues to include crapware. Yes, adding insult to injury, Oracle is actually making money and cheapening your web browsing experience by automatically installing the Ask toolbar, which in turn tries to change your default search engine and home page. I'm ready to move Oracle's Java to the top of my Foistware Hall of Shame, alongside Adobe, for crap like this."

Password life expectancy down to seconds | ZDNet: "Deloitte touched on some of the same issues that Forrester analyst Eve Maler called out last week in her report on passwords, the fact that end-users, unfairly, bear the burden of onerous password creation rules. Maler argued that passwords are not going away and that companies need to come up with better strategies for managing passwords and password policies. Deloitte offered its own solutions, including multi-factor authentication that incorporates tokens, biometrics, and out-of-band authentication such as messages sent to a mobile phone. Deloitte also recommended best practices such as security policies and monitoring as ways to protect passwords. . . ."

VXers exploit users' confusion over Java to punt fake update • The Register: " . . . ads for a Java exploit that supposedly attacks a brand-new vulnerability were offered for sale through an underground hacking forum at $5,000 a pop. The ad has since been pulled. Although the claim from cybercrooks that they have discovered yet another unpatched Java security hole remains unsubstantiated, the potential threat is all too credible. Metasploit founder HD Moore reckons that Oracle is sitting on a backlog of Java flaws that will take up to two years to patch, even without the appearance of further problems. . . . "
