Decaf Java?

Hopefully, you’ve heard about the recent security vulnerabilities involving Java. I blogged about it last month in this post.

“Patch and pray” might be a good start for dealing with software issues like this but you can do more. The reason? There’s always going to be another vulnerability and, in some cases, the bad guys will exploit it before the good guys have developed a defense for it — the dreaded “zero-day” vulnerability.

So what can you do? In my previous post I extolled the virtues of the NoScript browser plug-in as one approach. It doesn’t have to stop there, though.

There’s a good article entitled “How to Safely Keep Java in Your Web Browser” that points out just how difficult it is to wean yourself off of Java (the software — not the beverage) along with some possible strategies to lessen the risk. Among the techniques described involves using separate browsers for Java and non-Java content (which is sort of a more drastic version of the NoScript approach).

I hope you find it useful since going cold turkey with Java could be the equivalent of cutting off your nose to spite your face …

Advertisement

Wilmington IT eXchange

 

I’ll be doing the keynote presentation at the Wilmington (NC) IT eXchange and Conference on April 9, 2013. The annual event will be held on the campus of by UNC Wilmington and led by Dr. Tom Janicki and other faculty.

My talk will be about Social Media Threats and will kick off what should be an interesting afternoon of elective learning sessions, exhibits by vendors and UNCW students and professional networking. Hope to see you there …

Pulse 2013

Looking forward to seeing many of you at Pulse 2013 in Las Vegas, March 3-6. There will be loads of sessions led by IBM customers talking about their experiences, best practices,lessons learned and the like as well as a great opportunity for professional networking.

For those that can’t make it there in person, many of the sessions are available online at the ibm.com/pulse web site.

PC Security Toolbox

It seems there are about a million things people are telling you that must be done in order to keep your PC secure and about ten times that many different tools that you might use to get the job done. That’s why I particularly liked Eric Geier’s PCWorld.com article entitled “PC security: Your essential software toolbox.”

In the piece he gives a brief overview of the basics — anti-malware tools, firewalls, wireless security and more. It’s far from comprehensive but, then again, who would want to have to pore through the tome that would result from  a treatment of this topic that was?

If you’re pretty security savvy you probably won’t find anything new here but the real value to you is that it’s something that you can easily share with your not-so-security-savvy friends who rely on you as their free tech support. So, just file this under the category of “enlightened self-interest” and make life a little tougher for the bad guys by passing this along …

NCSU TechTalk

I’ll be doing a TechTalk on social media threats at NC State University for the local chapters of the Association of Computing Machinery (ACM) and the Association of Information Technology Professionals (AITP) on Tuesday, Feb 26, at 6:00 pm.

The event is open to the public and details can be found here. Hope to see you there …

Tablet security

I’ve written here previously about the increasing need for attention in the area of securing mobile phones. It has taken some time but it seems we have reached a place where most everyone realizes that if they want to connect a desktop or laptop to the Internet that they also need to take precautions against malware, spyware and so on, but we aren’t there yet when it comes to intuitively understanding the risks associated with mobile devices.

According to at least one estimate there are now more than 1 billion (with a “b”) smartphones in use around the world and we are on pace to reach a point where there are more of them (smartphones = 10 billion) than us (people = 7.3 billion) by 2016.

And what are all these smartphones but tiny, portable computers with wireless connections? Meaning, they can be hacked just like traditional PCs can. In fact, going mobile increases the risk by adding in additional variables since these devices are more easily lost and stolen.

Slowly the level of awareness is coming around to the point where eventually everyone will realize that smartphones need security just like laptops and desktops do.

But what about tablets? Same song, next verse. After all, what is an Android tablet other than a larger version of an Android phone that can’t make cell calls, and what is an Android phone other than a PC that can?

In other words, if it computes it can be hacked and if it can be hacked you probably ought to think about protecting it. Tablets are not exempt from security risks any more than smartphones or laptops are.

In today’s Raleigh News & Observer “Stump the Geeks” column, Tyler Dukes asked me to comment on the need for tablet security. You can see my comments along with some interesting study results from NC State University (my alma mater) in this area.

Ignorance may be bliss but when it comes to security it also leads to disaster so I’d say a little less bliss is better in this case…

Wilmington IT Breakfast Panel

In case you happen to be in the Wilmington, NC, area on Feb 19, I’ll be a panelist along with:

• FBI Special Agent Michael Nauert,
• GE Hitachi Nuclear Energy Senior Instrument and Control Engineer Matthew Bohne and
• Applied Research Associates Senior Cyber Security Engineer Kemal Piskin

The event will be held at UNC-Wilmington and moderated by Associate Professor Ulku Yaylacicegi.

For more info go to:  http://csbapp.uncw.edu/events/reg/registration.aspx

 

Identity Management and Social Networking Threats

Here’s the video stream (with slides) of the keynote address I gave at last month’s OOP 2013 conference in Munich on the subject of Social Media threats and how they relate to key Identity Management issues involving authentication.

OOP 2013 Keynote – Munich, 22 Jan 2013