Tuesday, June 08, 2010
out of date Java virtual machines blamed for browser security problems
Brian Krebs recently published an article on how web hackers are most successful at breaking into computers via the web browser.
Java applets were slightly ahead of Adobe fare this time.
Obviously, people need to keep updating their Java on their computer or turn it off or remove it until they can start updating it again regularly. Java on Windows has come with a tool for a long time that automatically alerts you when your Java is out of date and offers to update it for you. So I am not sure what the problem is.
Adobe has one for Flash, but ironically it only works if you have Flash turned on and is in fact written in Flash. It is boondoggles like this that make it fairly certain that Adobe does not yet get the problem of Flash security.
Other surprising facts in the article is that it is apparently easier for hackers to hack a computer if it is running IE 8 than IE 7, despite IE 8 being a lot newer. The trend does not look like newer versions of IE being safer.
The underlying problem is of course bugs. Many security problems arose out of nowhere with the web. They have nothing to do with the Internet itself, the underlying HTML/CSS standards or the HTTP web protocol. They have everything to do with buggy software that reads and presents HTML, CSS, PDF, applets, Silverline, Flash, etc.
Java applets were slightly ahead of Adobe fare this time.
Obviously, people need to keep updating their Java on their computer or turn it off or remove it until they can start updating it again regularly. Java on Windows has come with a tool for a long time that automatically alerts you when your Java is out of date and offers to update it for you. So I am not sure what the problem is.
Adobe has one for Flash, but ironically it only works if you have Flash turned on and is in fact written in Flash. It is boondoggles like this that make it fairly certain that Adobe does not yet get the problem of Flash security.
Other surprising facts in the article is that it is apparently easier for hackers to hack a computer if it is running IE 8 than IE 7, despite IE 8 being a lot newer. The trend does not look like newer versions of IE being safer.
The underlying problem is of course bugs. Many security problems arose out of nowhere with the web. They have nothing to do with the Internet itself, the underlying HTML/CSS standards or the HTTP web protocol. They have everything to do with buggy software that reads and presents HTML, CSS, PDF, applets, Silverline, Flash, etc.
Labels: browsing, java, security, snafus, web
