CSSLP

The sad state of Java security

Oracle's problem is that it bought a technology that had been stretched to be truly "write once, run everywhere". The Virtual Machine that provides this capability had to be ported to all devices, and lately (in the past few years) to mobile devices as well. As reported in the news, even if "run everywhere" initially meant "run on every platform", that is, cross-platform, the concept has now been extended to the platforms used by mobile devices (ubiquitous computing). Over the years, Java evolved while it was being ported to these new platforms and devices. Each version of Java brought improvements and changes, sometimes not backward compatible. During this time, applications that were written against a certain version of Java were, for various reasons, never updated to use the latest version. So the users of those applications never upgraded them and therefore never had to update the Java version these programs required, which means old runtimes stayed installed. The difference between updating and upgrading is a matter of interpretation by the implementer. Usually, the term update means improving an existing version by fixing bugs or adding minor functionality. The main functionality, supported platforms and…


How many Certified Secure Software Lifecycle Professionals are out there?

As of September 25, 2013 there were 1168 CSSLPs in the entire world (you have to sum them up from that table): https://www.isc2.org/member-counts.aspx# It is an honour to be one of them. 🙂 And I have been one for a year and a half (since May 2012). Some interesting statistics from that table: Romania 1, Germany 19. Read here what it takes to become CSSLP certified: http://sorin-mustaca.com/?p=958


Mentioned in the (ISC)2 Newsletter for Europe

After publishing the article in Security Insider under the shield of (ISC)2, I was surprised to see a reference to the article in the monthly newsletter. Source: Security Insider (HTML, PDF). Originally published in English: (ISC)2 Blog. Republished in this blog: http://sorin-mustaca.com/2013/05/29/security-for-free/ "News and Events in your region": Zahlt kostenlose Sicherheit sich wirklich aus? (Does free security really pay off?) The latest submission for Security Insider from Sorin Mustaca, CSSLP in Germany, looks at whether freeware, open source and other 'free security' solutions pay off.


Security “for free”?

As security professionals, we continuously face the challenge of ever smaller budgets allocated to maintaining and improving IT security. That is probably the main reason why the temptation of "free" is always there. Many people, sometimes even professionals, think they can achieve good security for free. "For free" means in this context that the programs used to achieve and improve security cost no money to acquire. Unfortunately, the cost analysis stops at acquisition and ignores other costs, such as installation and maintenance. But is it possible to cover all the possible attack vectors with free security products? I made a short analysis of the most common ways used to endanger IT security and whether it is possible (to the best of my knowledge) to cover them with free tools. I am ignoring social engineering techniques, as most of the time they can't be combated with tools. The security landscape changes continuously and you have to be fully protected against the most common attack vectors: infections through files carried on USB sticks, memory cards, mobile hard drives and downloaded files; network attacks (spoofing, DoS); vulnerabilities that get exploited in common software; drive-by…



Define S.M.A.R.T IT security goals

One of the biggest problems most IT security experts around the world have is that IT security is never taken seriously until a security incident takes place. After that, management boards start being interested in IT security. However, these managers see security not through the eyes of an expert but through the eyes of a businessman. They need to measure, to plan and, probably most important of all, they need to know the costs. An easier way to talk security with management is to define security the way a manager would. SMART is a mnemonic with many accepted meanings, but in this article it stands for: Specific, Measurable, Achievable, Relevant, Time-oriented. The term comes originally from project management, where it is used to set objectives and to track them through Key Performance Indicators (KPIs). For security specialists it is important to be able to set and track KPIs for the goals they want to achieve when evaluating, designing or implementing security solutions, or when doing risk assessments. Presenting SMART goals to a management board can make security goals easier to understand and … to approve. While at first sight these terms overlap, they are…


(ISC)2 Blog post: Vulnerability disclosure: a new business model?

Original: http://blog.isc2.org/isc2_blog/2013/01/vulnerability-disclosure-a-new-business-model.html We see in the mass media every day that software is vulnerable and that this is bad. But few know what happens behind the scenes until the news gets out. There are two ways to disclose a vulnerability: the most common one is "full disclosure", but there is also "limited disclosure". Full disclosure means that the details of a security vulnerability are disclosed to the general public, including details of the vulnerability and how to detect and exploit it. [Wikipedia] Limited disclosure is an alternative approach where the full details of the vulnerability are provided to a restricted community of developers and vendors, while the public is only informed of a potential security issue. Advocates of this approach also claim the term "responsible disclosure" [Wikipedia]. The hope and theory behind full disclosure is that once a vulnerability is released to the public, the affected company will issue a fix immediately in order to limit the damage to its image, and not only that. So the intention is obviously good, because ideally it results in better security for the users. But, as so often in real life, the theory doesn't always work in…



Added in searchsecurity.de (ISC)2 Corner

http://www.searchsecurity.de/specials/security_corner/isc2/ My cooperation with SearchSecurity.de is finally showing something. I was added to the (ISC)2 Security Corner: Sorin Mustaca, Avira Operations GmbH & Co. KG. Sorin Mustaca, (ISC)²-certified CSSLP, CompTIA Security+, Project+, has worked in the IT security industry since 2000 and at Avira since 2003. In his current role as product manager he is responsible for the well-known AntiVir products, which are used by more than 100 million users worldwide. Mr. Mustaca earned his software engineering degree at the "Politechnica" University in Bucharest. Since then he has complemented his academic knowledge with product and project management skills in order to create new and advanced IT security solutions.


The PC is dead, long live the PC

If you have read the news lately, you couldn't have missed hearing how well tablets, smartphones and smart TVs are selling, and how badly the PC market (excluding laptops) is doing. Many so-called "futurists" have predicted the passing of the PC era. But is it really over? Is the personal computer really dead, or are these just marketing gimmicks? Being curious, I asked some friends what they use for their "computing" activities and how they use their devices. First of all, it is important to clarify who my friends are and what they do. My circle of friends, and I am not talking about a Google Plus circle but about people I meet in person almost every day, ranges from seniors (70+) with little to no IT know-how, to professionals who use computers for their (not directly IT-related) work, and IT professionals who make a living with computers. The seniors have never held a tablet in their hands, but they know what one is. They all have PCs at home, connected to the Internet, some of them even a laptop (with WiFi) as well as a PC. All of them use their PCs only for browsing,…

