• February 22, 2013

    Java related Malware Hits Apple Computers

    A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs. Apple has released software updates for systems running OS X Lion and Mac OS X v10.6 that will update Java to fix the security flaw and remove the Flashback malware if it is present. For Macs running Mac OS X v10.5 or earlier, you can better protect yourself from this malware by disabling Java in your web browser's preferences.

    In a sign of Apple’s increasing vulnerability to attacks, some Mac computers belonging to Apple employees were infected with Java-related malware when the employees visited a software development website. Apple admitted its systems were penetrated by hackers. In the wake of this attack, Apple released the update to its Java package for Mac computers that can remove the most common variants of the Flashback malware. The Apple hacks happened when a vulnerability in Java, from Oracle Corp., allowed hackers access to core computing systems, but the same vulnerability may also put regular PC users at risk. A similar Java-related exploit against Facebook was revealed Friday.
  • February 4, 2013

    Oracle Pushes Out New Java Update

      Oracle has rushed out a new Java security patch designed to plug a range of holes in the software. Released Friday, the latest critical patch update contains fixes for 50 different security flaws, 44 of which affect the use of Java as a plug-in for Web browsers. Friday’s fix was originally scheduled for release on February 19, but Oracle said it decided to ramp up the schedule after finding that one of the flaws affecting the Java Runtime Environment was actively being exploited. The new update addresses that specific flaw and includes all of the fixes from January’s update. Oracle has also been criticized in the past for not keeping Java properly protected or updated to guard against security exploits.

      Following a recent addition of Java to its plug-in blacklist, Apple has issued an update to its supported Java versions. Apple issued an update that added the latest versions to the system’s browser plug-in blacklist to protect users from any potential threats; however, in doing so it silently blocked a number of people from accessing required Java content, such as banking and financial Web sites. Unfortunately, the Java 7 runtime is not available for those using Snow Leopard, for which the latest version is Java 6. However, Apple has issued its own separate update to Java 6 for Snow Leopard to address the vulnerabilities in this version. The update, which should be available through its Software Update service, should run automatically or can be invoked by going to the Apple menu.

      Now that Java is all buttoned up on security, which has been an issue for several weeks, it will be interesting to see if any new exploits are brought to the surface; last time it only took 24 hours. We will have to wait and see how...
  • January 18, 2013

    New Java Exploit

      On Sunday, January 13th, Oracle released two patches for Java Security Alert CVE-2013-0422, which included two vulnerabilities. Oracle confirmed that the flaws were only present in Java 7 versions and did not impact Java on servers, Java desktop applications, or embedded Java. Java is used in 3 billion machines, about 2 billion of which are desktop or laptop computers. In August of last year, Oracle issued an urgent fix to seal a dangerous security flaw within its Java software that had left thousands of computers wide open to malicious attacks from hackers.

      Now, on the heels of Sunday’s patch, there is again a new Java exploit. The new exploit is, however, selling on the black market for $5000. The vulnerability was found less than 24 hours after Oracle released its Sunday patch. The zero-day exploit was sold to two people through an underground forum. The media and internet attention Oracle has received over Java will assure users that we can expect a patch very soon. I recommend users disable Java in their web browsers until this Java exploit has been once again patched.
  • A new vulnerability in Java has been discovered. The vulnerability allows an attacker to gain control of a victim’s computer. The researchers have confirmed that Java SE 5 Update 22 (Java SE 5 build 1.5.0_22-b03), Java SE 6 Update 35 (Java SE 6 build 1.6.0_35-b10) and Java SE 7 Update 7 (Java SE 7 build 1.7.0_07-b10) are affected. This vulnerability is caused by a discrepancy in how the Java virtual machine handles defined data types; it violates a fundamental security constraint in the Java runtime, allowing a complete bypass of the Java sandbox. The flaw allows the attacker to gain complete control of a victim’s machine through a malicious website.

    Affected web browsers are Safari 5.1.7, Opera 12.02, Chrome 21.0.1180.89, Firefox 15.0.1 and Internet Explorer 9.0.8112.16421. Even with fully patched Windows 7 32-bit operating systems you are susceptible to the attack. So far there are no reports of the flaw being used in any malware. I would take a few preventative steps: reduce the number of active runtimes (code execution environments) on your system, and if you do not need Java, uninstall or disable it.

    Oracle released a fix for the most critical vulnerabilities on August 30. The last exploit would allow an attacker to use a malicious Java applet to install programs, or read and change data on the system with the privileges of the current user. But now another flaw in that fix allows a hacker to bypass the patch. That bug in Oracle’s patch still hasn’t been patched, leaving users vulnerable to both the new flaw and the previous attack. It’s not yet known when or if Oracle will fix this issue. Oracle has been provided with a technical overview of the bug and example code outlining the flaw but has not yet acted upon it.
  • September 22, 2012

    Disable annoying Java Update notification

    If you’re sick of getting prompted for Java Update, or if you have some web application like Banner that requires a particular version, you can use a simple registry hack to disable notification of available updates. Open the Registry Editor by going to the Start button and typing in regedt32. Navigate through to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy. Change the value of EnableAutoUpdateCheck to 0 and the value of EnableJavaUpdate to 0. Java should no longer prompt you for the annoying updates.
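    With both values at 0, Java stays at whatever version is installed until someone updates it by hand, so it helps to know which machines carry this setting. The read-only PowerShell audit below is an added example, not part of the original post; the function name is hypothetical, and the WOW6432Node path is an assumption covering 32-bit Java on 64-bit Windows.

```powershell
# Added example: audit whether Java Update checks were disabled through the
# Policy key described in the post. The function name is hypothetical.
function Get-JavaUpdatePolicyAudit {
    [CmdletBinding()]
    param(
        # The first path is the key from the post; the WOW6432Node path is an
        # assumption covering 32-bit Java installed on 64-bit Windows.
        [string[]]$PolicyPath = @(
            'HKLM:\SOFTWARE\JavaSoft\Java Update\Policy',
            'HKLM:\SOFTWARE\WOW6432Node\JavaSoft\Java Update\Policy'
        )
    )
    $names = 'EnableAutoUpdateCheck', 'EnableJavaUpdate'
    foreach ($path in $PolicyPath) {
        if (-not (Test-Path -LiteralPath $path)) {
            # Java is not installed in this registry view, or no policy exists.
            [pscustomobject]@{ Path = $path; Name = $null; Value = $null
                               Status = 'KeyNotPresent' }
            continue
        }
        $props = Get-ItemProperty -LiteralPath $path
        foreach ($name in $names) {
            $value = $props.$name    # $null when the value has not been set
            if ($null -eq $value)       { $status = 'NotSet' }
            elseif ("$value" -eq '0')   { $status = 'UpdatesDisabled' }
            else                        { $status = 'UpdatesEnabled' }
            [pscustomobject]@{ Path = $path; Name = $name; Value = $value
                               Status = $status }
        }
    }
}

# Report every location where update checks have been switched off.
Get-JavaUpdatePolicyAudit |
    Where-Object Status -eq 'UpdatesDisabled' |
    Format-Table -AutoSize
```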
  • April 25, 2012

    SEO Tips: 4 Things that Hurt SEO

    Never use JavaScript or the Java programming language; it blocks meta crawlers, and the best sites are HTML. Java is also slow and can make your rank lower due to performance. Flash is another problem: don’t embed your text inside of Flash code, because the meta crawlers will have a hard time reading the information and may miss content. Don’t use programs like Microsoft Paint or Photoshop to design whole pages; search engines can’t read text built into images. Frames are not a great tag to use; if you want to embed information into your site, use the HTML embed tag instead of the frame tag.