Websense security researcher: protect yourself from Java and Flash vulnerabilities
The Flash Player, which views, plays and executes Flash content, is still a requirement to stream on radio and TV websites. The popularity of Java and Flash makes sites running these platforms vulnerable to attacks. Alex Watson, director, security, Websense Labs, shared some advice on how the enterprise can protect itself in a recent exclusive interview with IT in Canada.
One of the reasons Java is especially at risk for attacks is that the sixth version of the platform will soon lose support from Oracle. “Outdated versions are vulnerable,” Watson noted. The easiest solution for businesses to protect themselves is to move to the most recent version of the platform. However, that is not always possible. Watson explained that some companies cannot simply update their version of Java because some applications will only run on older versions of the platform.
The situation for Flash users is equally unsettling. Security researchers at Websense discovered that 42% of Canadian companies are not using the most up-to-date version of Flash. Due to Flash’s susceptibility to attacks, Adobe has released 26 security patches for the product in the past year. In the past three months alone, it has made five security patches available for Flash. When users do not update the platform or take advantage of security patches, “it leaves you open to security holes,” Watson said.
Watson stated that the outlook need not be bleak. He pointed to a recent announcement from Oracle that introduced deployment rule sets in Java 7. Deployment rule sets give administrators the ability to control Java version compatibility. For example, users can protect themselves with the latest version of the platform for most browser applets, although they can still use an older version of Java for business applications.
Websense Labs’ director of security added that the number of vulnerabilities to which Java is exposed means that enterprises will never be perfectly secure. To that end, companies need to adopt a comprehensive security strategy to protect themselves as best they can. A comprehensive security strategy involves modeling an attack and observing it at every stage to learn which gaps need closing. Watson also recommended staying abreast of the newest parts of an attack cycle to defend your business against cyber criminals. Deploying technologies that “talk” to each other and complement one another will keep you safe as well, Watson commented.
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…