Friday, December 17, 2010

Java up, Adobe down

...in terms of exploits, anyway. Looks like Java exploits are gaining favor with hackers again lately, according to this CNN article.

One of the problems with the Internet and specifically the World Wide Web is there are so many moving parts. Many novice users do not seem to realize the complexity of it all. Any application software (including Web browsers) present security risks, and when you add in the various plug-ins (such as Adobe Flash Player, Javascript, Microsoft Silverlight, etc.), you have a hacker's paradise. In the typical interaction, you have three points where security breaches can happen:
1) The browser
2) The plug-in
3) When the browser and plug-in interact

A perfect secure world would have no plug-ins at all, but that is not realistic. We are left as end users to hope the developers of the plug-ins secure their products.

Adobe has come under fire a bit for some of their exploits, but it seems as if they have done a good job (albeit, a reactive job) of plugging up some of their security holes. The report linked above shows that the number of Adobe exploits recorded has gone down, while Java exploits have gone up. Does that mean that Adobe has fixed their problems, or does it mean that Java problems are easier to exploit? That I can not tell you.

No comments: