Suggestions? Ideas? Feedback? Send an email to podcast@defensivesecurity.org
A lot has happened since the last podcast:
Is this the end of Java? Probably not.
Java puts organizations in a tough situation:
– Commonly used in businesses for applications
– Apps commonly not compatible with different Java versions
The recommendation from US-CERT and DHS is to disable the browser plugin. There are two problems with this:
– Many business apps are web-based, or at least launched by visiting an intranet site, and disabling the plugin will break those apps
– Installing the Java update will re-enable the browser plugins
The advice to completely uninstall Java seems only applicable to home computers without kids who play Minecraft.
Recommending that an organization ditch the investment made in business apps is usually a career-limiting move. We can make a strategic recommendation to move away from Java, but for those organizations that rely on it, we have to live with it.
There are a few other options:
None are great, and all have some significant holes.
My AV Rant.