Access Built In – Unsupported Software Like Java 6 Gives Hackers a Big Edge
Published on Tuesday, 17 September 2013 04:00 Written by TradersHuddle Staff
When a piece of software is popular, that means billions of devices are running it. But when those same popular programs get old enough to fall off the support schedule from their respective manufacturers, “it can be a real nightmare from a cyber security perspective,” says Joe Caruso, founder and CEO/CTO of Global Digital Forensics, discussing a recent industry article in PC World, “and the number of users that vulnerabilities in these ‘older versions’ can affect can be almost beyond comprehension, making regular network vulnerability assessments and professional penetration testing more important than ever.”
New York, NY (PRWEB) September 17, 2013
Updates. Every computer user in the world is familiar with the term. On an almost daily basis it seems something or other needs to be updated, from anti-virus programs constantly updating signatures to combat more threats, to popular programs like Oracle’s Java platform, Adobe’s product line, Flash and even operating system platforms like Windows. But for all the warnings that updates are available, many users simply don’t follow through, as a recent article in PC World shows, “which leaves countless users vulnerable to cyber attacks, and when a popular product gets old enough to fall off a manufacturer’s support schedule, hackers can have a heyday,” says Joe Caruso, CEO/CTO and founder of Global Digital Forensics (GDF). “That’s what makes regular network vulnerability assessments more crucial to lasting success than ever.”
To illustrate the point, Caruso points to the report by Websense discussed in a recent PC World article about the vulnerabilities presented by older, unsupported software like Oracle's Java 6, installed on over three billion devices world-wide. “Java 6 was replaced with Java 7 a while ago, but over half of those three billion devices still use Java 6, which as of spring of this year is no longer supported by Oracle. That means vulnerabilities are no longer being tested for and patched, which has hackers everywhere zeroing in on those vulnerable systems like heat seeking missiles. And Oracle is certainly not alone. In the spring of next year, the popular operating system Windows XP is falling off of Microsoft’s support schedule as well, which means all those security patches we’ve all come to expect on Microsoft’s well known patch Tuesday on the first Tuesday of every month to plug all the recent vulnerabilities they’ve uncovered will no longer be in the cards for XP users. And with over a third of all Windows users still tethered to the XP platform, hackers everywhere are licking their chops and counting down the days.”
Why are users still using older programs if the updates are typically free?
“There are a lot of reasons, but most of the time it all boils down to cost, because free certainly doesn’t always mean free. For instance, if an organization spent big money having applications designed for Java 6, they may not be ready to dive in to another big investment to make sure their applications get updated to use the newer version. The same goes for organizations that rely on programs like Adobe Reader and Flash, or even on a bigger scale, operating systems like Windows XP, which is still in use on a whopping one third of all systems running a Windows environment. It was stable, they are used to it and there are certainly costs involved when it comes to changing everything to a newer version, from both a monetary perspective, as well as a familiarity perspective. It’s the ‘don’t fix it if it ain’t broke’ mentality in full swing. But what often gets forgotten are the tremendous costs that can come from a successful cyber attack, from lost revenue on a staggering scale, to lost integrity and client trust, and even regulatory compliance issues which can result in hefty fines and added headaches as well. Eventually, the piper always comes around to collect his pay, and the longer he has to wait, the larger the sum is going to be.”
Assessing the cyber threat landscape.
“Assessing the vulnerabilities of your network has to be an ongoing process for any organization that wants to thrive in the digital world. Techniques cyber attackers use are always evolving, new vulnerabilities that are exploited pop up all the time, internal personnel is often in flux, and policies and procedures can quickly become outdated due to the continuously shifting cyber threat landscape. Our network vulnerability assessments are continuously improved to take all these elements into account, both by religiously following industry trends, as well as what we see on a daily basis with a wide variety of real-world clients in real-world environments, like today’s increasing reliance on mobile devices like smartphones and tablets and their seemingly infinite app choices, to the potential perils of cloud storage and SaaS (Software as a Service) platforms. Any stone left unturned can become a weak link which can be exploited, with costly consequences. So if you are not having a comprehensive network vulnerability assessment professionally done at regular intervals, at least annually at the very bare minimum, you’re essentially painting a really big and bright target on your organization’s back, which will eventually be noticed by the many unsavory elements that call the cyber realm home. Relying on luck and good intentions without actually taking the steps necessary to become informed about potential network vulnerabilities, is just a costly disaster waiting to happen.”
From mobile devices to servers and networks, from end-users to the top of the food chain, and from policies to procedures and regulatory compliance, GDF can help shine a spotlight on the weaknesses in any client’s cyber security posture, no matter how large or how small an organization may be. Because in today’s digital world, it’s the unknowns that can definitely hurt in the long run.
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics services, electronic discovery (eDiscovery), cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber-incident has occurred, so don’t hesitate to get help. For more information, visit http://www.evestigate.com.
For the original version on PRWeb visit: http://www.prweb.com/releases/2013-Threat-Assessment/Network-Vulnerabilities/prweb11128940.htm