Java update is close, but no cigar

Wow, just, wow. As we previously opined, Java has indeed already been exploited again, a mere 1 day after the release of a patch to fix the last 0-day threat.

This threat can be purchased for a mere $5,000 on the internet, a paltry sum considering the amount of money people make on botnets, spamming, extortion, and the rest of the nefarious practices this security flaw could result in.

Trend Micro, a well-known anti-virus vendor, commented today on the flawed patch and referenced their previous post “How to Use Java – If You Must” on safe ways to use Java when required, but not all the time.

For the vast majority of users, disabling Java would have minimal impact. For the rest of the users, we agree with Trend’s suggestions:

For users who cannot avoid using Java, there are other ways to mitigate its risks:

1. If you have Java installed because an application needs it, opt to disable Java in your browser(s)
2. Disable Java on a per-browser basis. Pick a “secondary” browser to use for sites that use Java and disable it in your preferred browser

This seems like good advice; however, there is a third option. Use an XVU Drive when accessing secure sites and prevent any infection at all from affecting your browsing.

OSX saves EVERYTHING you’ve EVER downloaded

According to LifeHacker, a single command can display every file you’ve ever downloaded on your Mac (through Safari, but still…). This command even includes files you’ve long since deleted.

Unfortunately, this is not the first time Apple has had a super-secret way of seeing what sites you’ve browsed, and other private information.

While I’m sure this will be met with “who cares, I have nothing to hide!” that’s not the point. When a user clicks “Clear history” in their browser it should do just that. To have an alternate, hidden location that secretly tracks you is a violation of our privacy.

Of course, our security-minded (read “paranoid”) staff bandied about ways that this could be misused by an attacker and came up with plenty of good ones, including that someone with remote access could find this list and place another file in the same location as a file you downloaded, and then you might run it, thereby further infecting yourself. This is all theoretical of course, but it is a fact that the existence of personally identifiable data that you’re not aware of, and cannot remove without a super secret code, is a huge data mine for would-be attackers.
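To audit and clear this hidden list yourself, the sketch below reads and purges the download log with Python's built-in sqlite3 module. It is an added example, not code from LifeHacker or XVU, and it assumes the list in question is the macOS LaunchServices quarantine-events database (the path, table and column names are not given in this post); the sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Assumed location of the log on a Mac; the post above does not name it.
QUARANTINE_DB = "~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2"
MAC_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)  # timestamps count seconds from here


def list_downloads(conn):
    """Return (UTC time, recording app, source URL) for every logged download."""
    rows = conn.execute(
        "SELECT LSQuarantineTimeStamp, LSQuarantineAgentName, LSQuarantineDataURLString "
        "FROM LSQuarantineEvent ORDER BY LSQuarantineTimeStamp"
    )
    return [(MAC_EPOCH + timedelta(seconds=ts or 0), agent, url) for ts, agent, url in rows]


def purge_downloads(conn):
    """Delete every logged event, then VACUUM so the rows do not linger in free pages."""
    removed = conn.execute("SELECT COUNT(*) FROM LSQuarantineEvent").fetchone()[0]
    conn.execute("DELETE FROM LSQuarantineEvent")
    conn.commit()
    conn.execute("VACUUM")
    return removed


def build_sample_db():
    """Constructed stand-in for the real database (three of its columns only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE LSQuarantineEvent (LSQuarantineTimeStamp REAL, "
        "LSQuarantineAgentName TEXT, LSQuarantineDataURLString TEXT)"
    )
    conn.executemany(
        "INSERT INTO LSQuarantineEvent VALUES (?, ?, ?)",
        [(379728000.0, "Safari", "https://downloads.example/report.pdf"),
         (379814400.0, "Safari", "https://downloads.example/installer.dmg")],
    )
    conn.commit()
    return conn


if __name__ == "__main__":
    # On a Mac: conn = sqlite3.connect(os.path.expanduser(QUARANTINE_DB))
    conn = build_sample_db()
    for when, agent, url in list_downloads(conn):
        print(when.isoformat(), agent, url)
    print("purged", purge_downloads(conn), "events")
```

Running the listing before and after the purge confirms whether the log is actually empty, which is the check that clearing the browser history alone does not give you.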

The XVU Drive never tracks you. In fact, in versions without persistence it couldn’t track you if it wanted to as all changes are deleted upon reboot.

IE Patch

Microsoft released a patch today rated “Critical” for users of IE 6, 7, and 8. This is a follow-up to the IE bug reported a few days ago, which has been in circulation for months and is (hopefully) finally closed today.

Microsoft’s security bulletin lists the affected software and reasons behind the patch, and below the post includes links to dozens of patches (per OS, version of IE, etc.).

Be sure you’re installing the correct version for your version of IE and your OS. The easiest way to do this is to use Windows’ Automatic update service, but if you need to you can also check them manually.

To see the version of Windows you’re running, you can follow the advice of Dave Taylor here.
To see the version of IE you’re running, follow the quick steps in this MSDN blog post.

IE has always been one of the browsers with the most security flaws in it. Try Firefox or Chrome (although neither is 100% secure), and be sure to always practice Safe Surfing with your XVU Drive.

Red October update – yes, Java too

In a moment that takes me back to superhero “crossover” comics when I was a kid, it looks like Red October, the five-year-long hack that’s infected government computers in the US, most of the EU countries, Russia, India, and dozens more, relied on a little program called Java to gain access to all these agencies.

This is a good example of why we recommend disabling Java until you absolutely need it, and then disabling it again once you’re finished with it. The recent Java remote execution exploit is not the first, nor is it likely to be the last, and until there is a dramatic overhaul of the service it should always be considered dangerous.

Although we believe Java to be secure for now, diligence is always required. These exploits often surface after they have already been used for weeks, months, and in this case 5 years. This highlights the need to practice Safe Surfing every day with your XVU Drive so that you’re not another victim.

Router hack

According to DefenseCode, they are able to remotely attain root access (read FULL access) to Cisco Linksys WRT54GL routers, and possibly any Linksys router running 4.30.14 or below.

With over 70 million Linksys routers out there, and due to the extreme hazards of this exploit, we feel it’s important to let you know about it, even though very little can be done until Cisco issues a patch.

In the meantime, if you run a stock Linksys router, do not enter any sensitive communications unless you’re on an HTTPS site. This means avoiding FTP if you’re a web admin, as well as blogs and other sites you may have to sign in on that are not HTTPS-secured.

Unfortunately, the XVU Drive will do nothing to aid in your security against this hack. We’re simply informing our customers so they’re aware and can install a patch as soon as it’s available.

Stay safe.

Red October

Although this is not a particular threat to the consumer market, Ars Technica discusses an infection that has spread to dozens of federal governments and, worse, has been in place for over five years.

This highlights the overall insecurity of the PC market, and why we feel so strongly about what we do here at XVU. If the national governments – with all of their highly trained IT staff and security protocols – of countries like the U.S., Russia, India, and the majority of Europe, can all not only be infected, but also have the infection undetected for over half a decade, what chance do you, I, or any average computer user stand against these “best of the best” hackers?

This is why we firmly believe in our product. Although you should have AV on your computer, it’s not enough. You should have a firewall at least on your computer, but that’s not enough. The best way to ensure that you’re not infected and transmitting your bank account information, credit card information, or sensitive information in general is to boot a completely separate operating system that has virtually no chance of infection.

We’re constantly working on new technology that will make security easier, faster, and more widely accepted. Feel free to contact us if you have any ideas on ways we can improve our product or your experience. Also, don’t forget to like our Facebook page and tell your friends so they can get protected as well. Keeping the internet safe is up to all of us.

Java patch

Just as quickly as it started, Oracle has released a patch to fix the security hole that has been running rampant. You can install it from the link above or from within your Java control panel.

Just because this patch has been released does not mean that Java is “safe” though. As Krebs on Security mentions, this is only one of a bevy of attacks Java has been under, and not likely to be the last. Unless you *need* Java for some reason (remote desktop sharing, etc.) it is recommended that you leave it disabled as we discussed in the initial post.

Although this patch prevents future infections using this particular attack, it by no means fixes any previous infections. Be sure to run your AV scanner ASAP if you haven’t already, and as always, keep yourself safe by using your XVU Drive for secure online transmissions.

Security patches released by Adobe and Microsoft

Krebs on Security posted that BOTH Adobe and Microsoft released patches for “Critical” updates. The term “Critical” when used by Microsoft means “these vulnerabilities could be exploited to fully compromise vulnerable Windows systems without any help from users.” Or in other words, you have no idea that you just got infected with a keylogger and it just sent your username and password for your bank account to Mother Russia.

The worst part about these updates is what they do NOT fix. There is still a well documented security flaw in Internet Explorer 6 through 8 that allows you to easily be infected simply by browsing a website. While MS did give us a “Fix” that helps some of the flaws, it completely ignores others that are widely used today.

Although the XVU Drive supports Adobe Flash, it does not run a Windows based operating system, and runs a “hardened” operating system, making it much harder to infect. Adobe’s issues should not affect XVU Drive users, and the Windows issues will not affect us at all.

Please be sure to run your updates on both Windows and any Adobe products you run, and be sure to use your XVU Drive whenever you access your bank, Facebook, email, or any other secure site.

“Ruby on Rails” server exploit

You’re probably asking yourself “Why is XVU telling me about something that happens on a server? I’m not a techie, I don’t run a server, why do I care?” Well, some server exploits are bad enough that they even threaten you as a user of the web. Lemme ‘splain.

Ars Technica reported an “Extremely critical” bug that “threatens more than 200,000 sites”. 200,000 sounds like a big number, but in the grand scheme of the internet, it’s not that many. However, look at some of the sites that are in that list:

http://www.twitter.com/
http://www.yellowpages.com/
http://www.whitepages.com/
http://www.hulu.com/
http://www.groupon.com/
http://www.scribd.com/
http://www.lumosity.com/
http://www.urbandictionary.com/

and, well, 200,000 more like that.

“Ok, so it attacked a bunch of sites I go to every day. How does that affect ME?!” Well, I’m glad you asked. According to this post “An attacker can execute any ruby code he wants including system(“unix command”).” This means that if the site was exploited, the attacker could infect you just by browsing the site. Perhaps infecting the site with the new Java 0-day exploit and installing a keylogger on your computer.

If you have visited any of the above sites, please be sure to run a thorough virus scan, and be sure to use your XVU Drive to access secure sites until we’re all sure this is thoroughly patched.

Java browser exploit – update 1-12-13

In a follow-up to the Java exploit, Ars Technica mentions an article from a security researcher at Kaspersky Labs (a well-known and highly trusted anti-virus vendor) that says that they have found “multiple ad networks redirecting to Blackhole sites” and that they “…have seen ads from legitimate sites… redirecting to domains hosting the current (Java 0-day virus). These sites include weather sites, news sites, and of course, adult sites.”

This means that if you have Java running, and browsed any website that showed you these compromised ads, you are probably infected right now.

First, check to see if you are running Java, and disable it if you are, by following the steps in the original post. Also, since these threats are all brand-new, be sure to browse all secure sites with your XVU Drive until this exploit is fully patched and all related viruses are able to be detected by your AV vendor.