Security Advisor

Is Your Java Up To Date?

According to a Rapid7 researcher, only 38 percent of those running the Java Runtime Environment have updated to the newest version of the software -- and the number only reaches that high after a patch has been out for six months.

What's even scary is in the first month of a Java update, the adoption rate is below 10 percent.

What's so alarming about this? Take the latest news that code for successfully exploiting a Java flaw has been added to the well-known hacker toolkit called BlackHole. The vulnerability in question allows hackers to bypass Java's sandbox and load up an unsuspecting user's computer with malware.

However, there's an easy way to avoid this attack that has been seen running wild online: update your Java! The newest version of Java, which was released Feb. 15, will keep you protected from falling victim to this exploit. However, according to security researcher estimates, only a little more than 10 percent of you are protected.

Oracle needs to take a page out of Mozilla's book and silently push these updates to everyone on release. I'm pretty sure something as simple as an update to Java doesn't need the rigorous testing period that's reserved for "critical" Windows fixes.

Actually, speaking of Mozilla, it has blacklisted any outdated version of Java in its Firefox Web browser (I found this out last night. Apparently the Java on my home PC had evaded updates since last June.)

When do you update your Java? When a patch is released? When you remember?  Want to shame me for being part of the 70 or so percent with an out-of-date Java? Let me know at cpaoli@1105media.com.

Used Xbox May Hide Your Credit Card Info
Researchers from Drexel University in Philadelphia are warning that you may be handing hackers your wallet when you decide to sell your used Xbox 360.

The group found that even after a system has been set back to its default manufacturer settings, crafty crooks can use readily available mods and hacking tools to retrieve your credit card information from the video game console's hard drive.

They came to this conclusion by purchasing a preowned Xbox 360 and snagging the last owner's credit card digits with what they called "basic hacking tools."

Microsoft responded to the claim a bit strangely this week: it both denied that this was possible and that it was investigating to see if the claim was true. So which one is it? Is it not possible to pull off user info from a formatted hard drive or does Microsoft need more time to investigate? It can't be both.

Luckily (or unluckily) for me, as someone who used to game on the Xbox 360, there's no way they can get my information. I've repurchased the system three times, and all three have died of hardware failure. Now if thieves want to break into my closet, snag my broken pile of consoles, get them up and running and try to steal my information, more power to them.

For those rare individuals who have an Xbox 360 that still is in working condition (why can't I keep one of these running properly, yet my Nintendo Entertainment System still works perfectly more than 20 years later?) and would like to make a few bucks selling it, the researchers at Drexel advises you reset the console to factory setting, hook up the hard drive to a PC and use a third-party tool to purge all information completely.

While you take the time (hopefully) to follow safe security practices with your PC and business network, do you bring that vigilance to your personal entertainment devices? Let me know at cpaoli@1105media.com.

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

comments powered by Disqus

MCPMag.com

Sign up for our newsletter.

I agree to this site's Privacy Policy.

Upcoming Events